Improving the Reliability of Mobile AI Models

In the current ML model deployment workflow, developers train a model on their training data and then ship the trained model file inside an app or onto a device. That model file, however, spells out the model architecture and weights in full, so anyone who can read it from the device can steal the intellectual property (IP) or craft attacks against the model. To address this problem, we developed a new deployment strategy that generates a secured model file from which the model can still be run.

Figure: How to secure the deployed machine learning model

Project 1: Can On-device Models Be Directly Attacked via White-box Strategies?
This paper has been accepted by ICSE2024.

In this project, we showed that the current ML model deployment strategy carries significant security risks: because the deployed model file exposes the full architecture and weights, attackers can run white-box attacks directly against the on-device model.
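To make the white-box risk concrete, the following is an added, self-constructed example rather than code from the ICSE 2024 paper or its evaluation pipeline. It assumes a toy two-layer MLP serialized as a readable JSON "model file" (a stand-in for a real on-device format); an attacker who can read that file recovers every layer and parameter, computes exact input gradients, and takes one FGSM step to flip the prediction. The model, the weights and the input are all made up for illustration.

```python
import json
import math

# Constructed example model file (not from any of the page's projects): a
# 2-layer MLP serialized as plain JSON, standing in for an unprotected
# on-device model file that exposes its architecture and weights in the clear.
PLAIN_MODEL_FILE = json.dumps({
    "architecture": ["dense(2->3)", "relu", "dense(3->1)", "sigmoid"],
    "weights": {
        "w1": [[1.0, 0.0], [0.0, 1.0], [-1.0, 1.0]],
        "b1": [0.0, 0.0, 0.0],
        "w2": [1.0, 1.0, 0.5],
        "b2": -1.5,
    },
})


def load_model(model_file: str) -> dict:
    """Parse the deployed model file. Everything a white-box attack needs
    (layer types and every parameter) is recoverable from it."""
    return json.loads(model_file)


def sigmoid(z: float) -> float:
    return 1.0 / (1.0 + math.exp(-z))


def forward(model: dict, x: list) -> tuple:
    """Run the model; keep the hidden activations for the backward pass."""
    w = model["weights"]
    pre = [sum(wi * xi for wi, xi in zip(row, x)) + b
           for row, b in zip(w["w1"], w["b1"])]
    h = [max(0.0, a) for a in pre]                       # ReLU
    z = sum(v * hj for v, hj in zip(w["w2"], h)) + w["b2"]
    return sigmoid(z), h


def predict(model: dict, x: list) -> int:
    p, _ = forward(model, x)
    return 1 if p >= 0.5 else 0


def input_gradient(model: dict, x: list) -> list:
    """Exact d(p)/d(x), only possible because the weights leaked (white-box)."""
    w = model["weights"]
    p, h = forward(model, x)
    dz_dx = [0.0] * len(x)
    for j, hj in enumerate(h):
        if hj > 0.0:  # ReLU passes gradient only through active units
            for i in range(len(x)):
                dz_dx[i] += w["w2"][j] * w["w1"][j][i]
    return [p * (1.0 - p) * g for g in dz_dx]  # chain rule through sigmoid


def fgsm(model: dict, x: list, eps: float) -> list:
    """One FGSM step: move x against the gradient of its current class."""
    grad = input_gradient(model, x)
    direction = -1.0 if predict(model, x) == 1 else 1.0
    sign = lambda g: 1.0 if g > 0 else -1.0 if g < 0 else 0.0
    return [xi + direction * eps * sign(g) for xi, g in zip(x, grad)]


def demo() -> dict:
    """Attacker workflow: read the file, recover the model, craft an input."""
    model = load_model(PLAIN_MODEL_FILE)
    x = [1.0, 1.0]                       # constructed benign input
    x_adv = fgsm(model, x, eps=0.3)
    return {
        "leaked_layers": model["architecture"],
        "original_class": predict(model, x),
        "adversarial_class": predict(model, x_adv),
        "perturbation_linf": max(abs(a - b) for a, b in zip(x, x_adv)),
    }


if __name__ == "__main__":
    print(demo())
```

The point is not the toy network but the dependency: the gradient computation in `input_gradient` is only possible because `load_model` hands the attacker the exact weights. Hiding or removing that explicit representation (the goal of Projects 2 to 4) is what forces an attacker back to far costlier black-box querying.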

Figure: Project 1 overview diagram

Project 2: Static Model Obfuscation for Securing the Deployed ML Models
This paper has been accepted by ISSTA2023.

In this project, we proposed a static model obfuscation method that transforms the model file before deployment, so that attackers cannot easily recover the model's IP from the file or use it to generate attacks.

Figure: Project 2 overview diagram

Project 3: Automatically Removing the Explicit Representation of Mobile AI Models 
This paper has been accepted by ISSTA2024.

In this project, we proposed an automatic method that extracts the computation code of a mobile model and refactors it into a stand-alone executable program, so that the app no longer needs to ship an explicit model representation (a readable architecture and weights file).

Figure: Project 3 overview diagram

Project 4: Dynamic Model Obfuscation to Obfuscate the Runtime Data of On-Device Models
This paper has been accepted by ASE2024.

In this project, we proposed a dynamic model obfuscation method that obfuscates the runtime information of on-device models, misleading reverse-engineering methods that rely on dynamic instrumentation analysis.

Figure: Project 4 overview diagram

Project Team

Mingyi Zhou (PhD Candidate), Prof. John Grundy, Chunyang Chen, Xiao Chen, Li Li