Affiliation:
1. School of Information and Software Engineering, University of Electronic Science and Technology of China, Chengdu 610054, P. R. China
Abstract
Model stealing attack may happen by stealing useful data transmitted from embedded end to server end for an artificial intelligent systems. In this paper, we are interested in preventing model stealing of neural network for resource-constrained systems. We propose an Image Encryption based on Class Activation Map (IECAM) to encrypt information before transmitting in embedded end. According to class activation map, IECAM chooses certain key areas of the image to be encrypted with the purpose of reducing the model stealing risk of neural network. With partly encrypted information, IECAM can greatly reduce the time overheads of encryption/decryption in both embedded and server ends, especially for big size images. The experimental results demonstrate that our method can significantly reduce time overheads of encryption/decryption and the risk of model stealing compared with traditional methods.
Funder
National Natural Science Foundation of China
Key Laboratory of Computer Network and Information Integration
Fundamental Research Funds for the Central Universities
Publisher
World Scientific Pub Co Pte Lt
Subject
Electrical and Electronic Engineering,Hardware and Architecture,Electrical and Electronic Engineering,Hardware and Architecture
Cited by
9 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献