LG CR ML
May 26, 2020

A Protection against the Extraction of Neural Network Models

arXiv:2005.12782v3
5 citations
Originality: Incremental advance
AI Analysis

This paper addresses a security concern of model owners in machine learning, namely model extraction attacks against deployed neural networks. It appears incremental, since it builds on existing protection methods rather than introducing a new class of defence.

The paper tackles the problem of extracting a neural network's model from oracle (query) access. It introduces parasitic layers that leave the network's predictions mostly unchanged while making reverse-engineering harder, and reports experiments on the performance and accuracy of the protected network.

Given oracle access to a Neural Network (NN), it is possible to extract its underlying model. We here introduce a protection by adding parasitic layers which keep the underlying NN's predictions mostly unchanged while complexifying the task of reverse-engineering. Our countermeasure relies on approximating a noisy identity mapping with a Convolutional NN. We explain why the introduction of new parasitic layers complexifies the attacks. We report experiments regarding the performance and the accuracy of the protected NN.
