This research paper introduces DynaMO, a novel dynamic model obfuscation strategy designed to enhance the security of deep learning (DL) models deployed on mobile devices.
The paper highlights the increasing popularity of deploying DL models on mobile applications and the associated security risks. While existing static and half-dynamic model obfuscation techniques offer some protection against reverse engineering, they are vulnerable to dynamic instrumentation attacks. These attacks allow adversaries to extract sensitive model information, such as weights and computational graphs, during runtime.
To address this vulnerability, the authors propose DynaMO, a fully dynamic obfuscation strategy inspired by Homomorphic Encryption. DynaMO operates by:
This dynamic obfuscation and recovery process, coupled with the random selection of operator pairs, significantly increases the difficulty of reverse engineering. Attackers cannot easily identify the obfuscated information or the recovery steps, even with dynamic instrumentation.
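The obfuscate-and-recover idea can be illustrated with a toy model. The following is an added example, not code from the paper or its authors; it assumes (this is not stated on this page) that obfuscation is a random positive scaling of one linear operator's weights and that recovery is the inverse scaling folded into the next operator, and the names `obfuscate_pair` and `MODEL` are hypothetical.

```python
import random

def linear(x, W):
    """y = W @ x, with W stored as a list of rows."""
    return [sum(w * v for w, v in zip(row, x)) for row in W]

def forward(x, layers):
    """Bias-free linear layers with ReLU between them (toy model)."""
    for i, W in enumerate(layers):
        x = linear(x, W)
        if i < len(layers) - 1:
            x = [max(0.0, a) for a in x]
    return x

def obfuscate_pair(layers, rng):
    """Obfuscate one randomly chosen operator pair (i, i+1).

    Assumption for illustration: each output row of layer i is multiplied
    by a random positive factor s, and the matching input column of layer
    i+1 is divided by s. Because relu(s*a) == s*relu(a) for s > 0, the
    recovery happens inside normal inference and the original weights of
    either layer are never materialised in memory.
    """
    i = rng.randrange(len(layers) - 1)
    scales = [rng.uniform(0.5, 4.0) for _ in layers[i]]
    out = [[row[:] for row in W] for W in layers]
    out[i] = [[w * s for w in row] for row, s in zip(layers[i], scales)]
    out[i + 1] = [[w / s for w, s in zip(row, scales)]
                  for row in layers[i + 1]]
    return out, i

# Constructed sample weights: 3 -> 4 -> 4 -> 2
MODEL = [
    [[0.2, -0.5, 0.1], [0.7, 0.3, -0.2], [-0.4, 0.6, 0.9], [0.5, 0.1, 0.3]],
    [[0.3, -0.1, 0.8, 0.2], [-0.6, 0.4, 0.1, 0.5],
     [0.2, 0.9, -0.3, 0.7], [0.1, -0.2, 0.4, 0.6]],
    [[0.5, -0.7, 0.2, 0.3], [-0.1, 0.8, 0.6, -0.4]],
]

if __name__ == "__main__":
    obf, idx = obfuscate_pair(MODEL, random.Random())
    x = [0.5, -1.0, 2.0]
    print("obfuscated pair:", (idx, idx + 1))
    print("original output  :", forward(x, MODEL))
    print("obfuscated output:", forward(x, obf))
    print("stored weights changed:", obf[idx] != MODEL[idx])
```

In this toy the activation between the two operators is also scaled, so a memory dump taken at that point does not show the original model's intermediate values either.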
The authors evaluate DynaMO's effectiveness using ten real-world mobile DL models. Their experiments demonstrate that DynaMO significantly enhances model security compared to existing obfuscation strategies. Importantly, DynaMO achieves this security improvement with negligible overhead on model inference performance.
The key contributions of this paper include:
This research makes a significant contribution to the field of mobile DL security by introducing a practical and effective dynamic obfuscation strategy. DynaMO addresses a critical vulnerability in existing protection mechanisms, paving the way for more secure deployment of DL models on mobile devices.
The paper acknowledges the need for further research to explore:
by Mingyi Zhou,... at arxiv.org 10-22-2024
https://arxiv.org/pdf/2410.15033.pdf