LGCRDC | Dec 22, 2023

SODA: Protecting Proprietary Information in On-Device Machine Learning Models

arXiv:2312.15036v1 | 2 citations | h-index: 10 | SEC
Originality: Incremental advance
AI Analysis

This paper addresses security risks for service providers deploying ML models on edge devices, offering a practical defense against adversarial exploitation.

The paper tackles the problem of proprietary information leakage from on-device machine learning models used in edge applications, demonstrating that simple attacks can exploit these models for profit and content theft, and presents SODA, an end-to-end framework that detects adversarial usage with 89% accuracy in under 50 queries while minimizing impact on performance.

The growth of low-end hardware has led to a proliferation of machine learning-based services in edge applications. These applications gather contextual information about users and provide some services, such as personalized offers, through a machine learning (ML) model. A growing practice has been to deploy such ML models on the user's device to reduce latency, maintain user privacy, and minimize continuous reliance on a centralized source. However, deploying ML models on the user's edge device can leak proprietary information about the service provider. In this work, we investigate on-device ML models that are used to provide mobile services and demonstrate how simple attacks can leak proprietary information of the service provider. We show that different adversaries can easily exploit such models to maximize their profit and accomplish content theft. Motivated by the need to thwart such attacks, we present an end-to-end framework, SODA, for deploying and serving on edge devices while defending against adversarial usage. Our results demonstrate that SODA can detect adversarial usage with 89% accuracy in less than 50 queries with minimal impact on service performance, latency, and storage.
