CloudLeak: DNN Model Extractions from Commercial MLaaS Platforms

Presented at Black Hat USA 2020 Virtual, Aug. 5, 2020, 10 a.m. (40 minutes).

Deep Neural Networks (DNN) have been widely deployed for a variety of tasks across many disciplines, for example, image processing, natural language processing, and voice recognition. However, creating a successful DNN model depends on the availability of huge amounts of data as well as enormous computing power, and the model training is often an arduously slow process. This presents a large barrier to those interested in utilizing a DNN. To meet the demands of users who may not have sufficient resources, cloud-based deep learning services arose as a cost-effective and flexible solution allowing users to complete their machine learning (ML) tasks efficiently. Machine Learning as a Service (MLaaS) platform providers may spend great effort collecting data and training models, and thus want to keep them proprietary. The DNN models of MLaaS platforms can only be used as web-based API interface and thus is isolated from users. In this work, we develop a novel type of attack that allows the adversary to easily extract the large-scale DNN models from various cloud-based MLaaS platforms, which are hosted by Microsoft, Face++, IBM, Google and Clarifai.


Presenters:

  • Yier Jin - Associate Professor, University of Florida
    Yier Jin is the Endowed IoT Term Professor in the Warren B. Nelms Institute for the Connected World and also an Associate Professor in the Department of Electrical and Computer Engineering (ECE) in the University of Florida (UF). His research focuses on the areas of embedded systems design and security, trusted hardware intellectual property (IP) cores, and hardware-software co-design for modern computing systems. His is currently focusing on the design and security analysis on Internet of Things (IoT) and wearable devices with particular emphasis on information integrity and privacy protection in the IoT era. He has presented at Black Hat USA, Black Hat Europe, and RSA Conference.
  • Honggang Yu - PhD Student, University of Florida
    Honggang Yu is currently a visiting PhD student in the Department of Electrical and Computer Engineering at the University of Florida. His research focuses on machine learning security, deep learning with applications in VLSI computer aided design, and computer vision.
  • Tsung-Yi Ho - Professor, National Tsing Hua University
    Tsung-Yi Ho is a Professor with the Department of Computer Science of National Tsing Hua University, Hsinchu, Taiwan. His research interests include design automation and test for microfluidic biochips and neuromorphic computing systems. He has been the recipient of the Invitational Fellowship of the Japan Society for the Promotion of Science (JSPS), the Humboldt Research Fellowship by the Alexander von Humboldt Foundation, the Hans Fischer Fellowship by the Institute of Advanced Study of the Technische Universität München, and the International Visiting Research Scholarship by the Peter Wall Institute of Advanced Study of the University of British Columbia.

Links:

Similar Presentations: