You are looking at a specific version 20200824:170140 of this paper. See the latest version.

Paper 2020/1016

Hardware-Assisted Intellectual Property Protection of Deep Learning Models

Abhishek Chakraborty and Ankit Mondal and Ankur Srivastava

Abstract

The protection of intellectual property (IP) rights of well-trained deep learning (DL) models has become a matter of major concern, especially with the growing trend of deployment of Machine Learning as a Service (MLaaS). In this work, we demonstrate the utilization of a hardware root-of-trust to safeguard the IPs of such DL models which potential attackers have access to. We propose an obfuscation framework called Hardware Protected Neural Network (HPNN) in which a deep neural network is trained as a function of a secret key and then, the obfuscated DL model is hosted on a public model sharing platform. This framework ensures that only an authorized end-user who possesses a trustworthy hardware device (with the secret key embedded on-chip) is able to run intended DL applications using the published model. Extensive experimental evaluations show that any unauthorized usage of such obfuscated DL models result in significant accuracy drops ranging from 73.22 to 80.17% across different neural network architectures and benchmark datasets. In addition, we also demonstrate the robustness of proposed HPNN framework against a model fine-tuning type of attack.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. Design Automation Conference (DAC) 2020
Keywords
ObfuscationDeep Neural NetworkIP Security
Contact author(s)
abhi1990 @ terpmail umd edu
History
2020-08-24: revised
2020-08-22: received
See all versions
Short URL
https://ia.cr/2020/1016
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.