Neural Network Security: Hiding CNN Parameters with Guided Grad-CAM

Linda Guiga, A. Roscoe

2020

Abstract

Machine learning is now prominent in most research fields, and Neural Networks (NNs) are widely considered its most efficient and popular architecture. Among NNs, Convolutional Neural Networks (CNNs) are the most popular choice for image processing and image recognition, so they are widely used in industry, for instance in facial recognition software. They are, however, the target of several reverse-engineering attacks on embedded systems. These attacks can recover the architecture and parameters of a trained neural network, which may constitute Intellectual Property (IP). This paper introduces a method to protect a CNN's parameters against one of these attacks (Tramèr et al., 2016). The victim model's first step consists in adding noise to the input image so as to prevent the attacker from correctly reverse-engineering the weights
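As an added illustration (not code from the paper, whose defense targets CNNs and, per the title, uses Guided Grad-CAM to steer the noise), the Python below reproduces the equation-solving extraction of Tramèr et al. (2016) against a one-layer logistic model and shows what uniform input noise does to it. The model, its weights, the noise distribution, the query points and the repeat-query averaging are constructed assumptions, not the paper's.

```python
"""Added illustration (not code from Guiga & Roscoe): the equation-solving
extraction attack of Tramèr et al. (2016) against a one-layer logistic model,
and the effect of adding noise to the input before the model sees it.

Assumptions, not from the paper: the model is linear (not a CNN), the noise
is uniform and independent per query, and the attacker knows the feature
count D and receives a confidence score. The paper's Guided Grad-CAM
guidance for where to place the noise is not reproduced here.
"""
import math
import random

D = 3                       # number of input features
TRUE_W = [1.5, -2.0, 0.7]   # constructed secret weights
TRUE_B = 0.4                # constructed secret bias


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def logit(p):
    # Inverse of sigmoid; clamp so rounding to exactly 0 or 1 cannot raise.
    p = min(max(p, 1e-12), 1.0 - 1e-12)
    return math.log(p / (1.0 - p))


def make_victim(noise_scale, rng):
    """Return a query oracle. noise_scale == 0 is the undefended model;
    otherwise each query's input is perturbed before the dot product."""
    def query(x):
        if noise_scale:
            x = [xi + rng.uniform(-noise_scale, noise_scale) for xi in x]
        z = sum(w * xi for w, xi in zip(TRUE_W, x)) + TRUE_B
        return sigmoid(z)
    return query


def solve(a, y):
    """Gaussian elimination with partial pivoting on the square system a t = y."""
    n = len(y)
    m = [row[:] + [yi] for row, yi in zip(a, y)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[piv] = m[piv], m[col]
        for r in range(col + 1, n):
            f = m[r][col] / m[col][col]
            for c in range(col, n + 1):
                m[r][c] -= f * m[col][c]
    t = [0.0] * n
    for r in range(n - 1, -1, -1):
        s = sum(m[r][c] * t[c] for c in range(r + 1, n))
        t[r] = (m[r][n] - s) / m[r][r]
    return t


def extract(query, repeats=1):
    """Tramèr-style equation solving: D+1 queries give D+1 linear equations
    in the unknowns (w, b), because logit(query(x)) = w.x + b for the
    undefended model. With repeats > 1 the attacker averages the logits of
    repeated identical queries, which cancels zero-mean input noise."""
    points = [[0.0] * D] + [[1.0 if j == i else 0.0 for j in range(D)] for i in range(D)]
    a = [x + [1.0] for x in points]
    y = [sum(logit(query(x)) for _ in range(repeats)) / repeats for x in points]
    theta = solve(a, y)
    return theta[:D], theta[D]


def max_weight_error(w_hat):
    return max(abs(a - b) for a, b in zip(w_hat, TRUE_W))


def demo():
    rng = random.Random(20200101)   # fixed seed so the run is reproducible
    clean_w, _ = extract(make_victim(0.0, rng))
    noisy_w, _ = extract(make_victim(0.3, rng))
    avg_w, _ = extract(make_victim(0.3, rng), repeats=400)
    return {
        "undefended": max_weight_error(clean_w),
        "noised_single_query": max_weight_error(noisy_w),
        "noised_400_repeats": max_weight_error(avg_w),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:22s} max |w_hat - w| = {v:.4f}")
```

Against the undefended oracle the D+1 queries recover the weights to floating-point precision; against the noised oracle a single round of queries returns visibly wrong weights. The caveat a practitioner should keep in mind is the third row: on a linear model, zero-mean noise that is independent of the input is averaged away by repeating each query, so a defense of this kind also needs a query budget or noise that depends on the input. The abstract says only that the noise is added to the input image; how the paper's Guided Grad-CAM guidance chooses it is not described on this page.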

Paper Citation


in Harvard Style

Guiga L. and Roscoe A. (2020). Neural Network Security: Hiding CNN Parameters with Guided Grad-CAM. In Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-399-5, pages 611-618. DOI: 10.5220/0009061206110618


in Bibtex Style

@conference{icissp20,
author={Linda Guiga and A. Roscoe},
title={Neural Network Security: Hiding CNN Parameters with Guided Grad-CAM},
booktitle={Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2020},
pages={611-618},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0009061206110618},
isbn={978-989-758-399-5},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Neural Network Security: Hiding CNN Parameters with Guided Grad-CAM
SN - 978-989-758-399-5
AU - Guiga L.
AU - Roscoe A.
PY - 2020
SP - 611
EP - 618
DO - 10.5220/0009061206110618