CloudLeak: DNN Model Extractions from Commercial MLaaS Platforms

Presented at Black Hat USA 2020 Virtual, Aug. 5, 2020, 10 a.m. (40 minutes)

Deep Neural Networks (DNNs) have been widely deployed for a variety of tasks across many disciplines, for example image processing, natural language processing, and voice recognition. However, creating a successful DNN model depends on the availability of huge amounts of data as well as enormous computing power, and model training is often an arduously slow process. This presents a large barrier to those interested in utilizing a DNN. To meet the demands of users who may not have sufficient resources, cloud-based deep learning services arose as a cost-effective and flexible solution that allows users to complete their machine learning (ML) tasks efficiently. Machine Learning as a Service (MLaaS) platform providers may spend great effort collecting data and training models, and thus want to keep them proprietary. The DNN models of MLaaS platforms can only be used through a web-based API interface and are thus isolated from users. In this work, we develop a novel type of attack that allows the adversary to easily extract the large-scale DNN models from various cloud-based MLaaS platforms, which are hosted by Microsoft, Face++, IBM, Google and Clarifai.


Presenters:

  • Tsung-Yi Ho - Professor, National Tsing Hua University
    Tsung-Yi Ho is a Professor with the Department of Computer Science of National Tsing Hua University, Hsinchu, Taiwan. His research interests include design automation and test for microfluidic biochips and neuromorphic computing systems. He has been the recipient of the Invitational Fellowship of the Japan Society for the Promotion of Science (JSPS), the Humboldt Research Fellowship by the Alexander von Humboldt Foundation, the Hans Fischer Fellowship by the Institute of Advanced Study of the Technische Universität München, and the International Visiting Research Scholarship by the Peter Wall Institute of Advanced Study of the University of British Columbia.
  • Honggang Yu - PhD Student, University of Florida
    Honggang Yu is currently a visiting PhD student in the Department of Electrical and Computer Engineering at the University of Florida. His research focuses on machine learning security, deep learning with applications in VLSI computer aided design, and computer vision.
  • Yier Jin - Associate Professor, University of Florida
    Yier Jin is the Endowed IoT Term Professor in the Warren B. Nelms Institute for the Connected World and also an Associate Professor in the Department of Electrical and Computer Engineering (ECE) at the University of Florida (UF). His research focuses on the areas of embedded systems design and security, trusted hardware intellectual property (IP) cores, and hardware-software co-design for modern computing systems. He is currently focusing on the design and security analysis of Internet of Things (IoT) and wearable devices, with particular emphasis on information integrity and privacy protection in the IoT era. He has presented at Black Hat USA, Black Hat Europe, and RSA Conference.