logo
allArticlesConferencesPresentations

CloudLeak: DNN Model Extractions from Commercial MLaaS Platforms

Conference:  BlackHat USA 2020

2020-08-05

Summary

The presentation discusses the combination of different machine learning attacks to become more powerful and the need for understanding the mathematical background of these attacks to develop stronger defenses.
  • Different machine learning attacks can be combined to become even more powerful
  • The mathematical background of these attacks needs to be understood to develop stronger defenses
  • The presenter's goal is to help people better understand the security of AI
  • The presenter is interested in extracting the model from AI chips and accelerators to make them more secure
  • The presenter encourages people to look into leveraging adverse examples for protection and watermarking/fingerprinting
The presenter discusses the need for understanding the mathematical background of machine learning attacks, as they are currently being used as a black box. The presenter hopes to develop stronger defenses and avoid the same old route of developing insecure systems and then hacking them to fix the problems. The presenter also mentions the need to extract the model from AI chips and accelerators to make them more secure.

Abstract

Deep Neural Networks (DNN) have been widely deployed for a variety of tasks across many disciplines, for example, image processing, natural language processing, and voice recognition. However, creating a successful DNN model depends on the availability of huge amounts of data as well as enormous computing power, and the model training is often an arduously slow process. This presents a large barrier to those interested in utilizing a DNN. To meet the demands of users who may not have sufficient resources, cloud-based deep learning services arose as a cost-effective and flexible solution allowing users to complete their machine learning (ML) tasks efficiently. Machine Learning as a Service (MLaaS) platform providers may spend great effort collecting data and training models, and thus want to keep them proprietary. The DNN models of MLaaS platforms can only be used as web-based API interface and thus is isolated from users. In this work, we develop a novel type of attack that allows the adversary to easily extract the large-scale DNN models from various cloud-based MLaaS platforms, which are hosted by Microsoft, Face++, IBM, Google and Clarifai.
Materials:
Slides
Paper
Tags:

Post a comment

Related work

Repurposing Neural Networks to Generate Synthetic Media for Information Operations

Conference:  BlackHat USA 2020
Authors:
2020-08-05

Top Tips from Netflix, NVIDIA, and Meta on Large Language Models (LLMs)

Conference:  Transform X 2022
Authors: Susan Zhang, Faisal Siddiqi, Bryan Catanzaro, Erhan Bas, Elliot Branson
2022-10-19

The Challenges Managing a Kubernetes-Based Machine Learning Infrastructure

Conference:  KubeCon + CloudNativeCon North America 2022
Authors: Keith, Keshi Dai, Yuzhui Liu, Ed Shee
2022-10-27

How to Deploy Models at Scale with GPUs

Conference:  Transform X 2022
Authors: Varun Mohan
2022-10-19

Democratizing Deep Learning at Scale with Horovod

Conference:  OpenAI + Data Forum 2022
Authors: Travis Addair, Nicolas Castet
2022-06-21

Searching for the Right Words: Bringing NLP to Apache solr through ONNX and OpenNLP

Conference:  OpenAI + Data Forum 2022
Authors: Jeff Zemerick
2022-06-23