On the Difficulty of Hiding Keys in Neural Networks

In order to defend neural networks against malicious attacks, recent approaches propose the use of secret keys in the training or inference pipelines of learning systems. While this concept is innovative and the results are promising in terms of attack mitigation and classification accuracy, the effectiveness relies on the secrecy of the key. However, this aspect is often not discussed. In this short paper, we explore this issue for the case of a recently proposed key-based deep neural network. White-box experiments on multiple models and datasets, using the original key-based method and our own extensions, show that it is currently possible to extract secret key bits with relatively limited effort.

On the Difficulty of Hiding Keys in Neural Networks / Kupek, Tobias; Pasquini, Cecilia; Böhme, Rainer. - (2020), pp. 73-78. ((Intervento presentato al convegno 8th ACM Workshop on Information Hiding and Multimedia Security, IH and MMSec 2020 tenutosi a Denver, CO nel 22nd–24th June 2020 [10.1145/3369412.3395076].

Titolo: On the Difficulty of Hiding Keys in Neural Networks
Autori: Kupek, Tobias; Pasquini, Cecilia; Böhme, Rainer
Autori Unitn: 
Pasquini, Cecilia
mostra contributor esterni 
Titolo del volume contenente il saggio: IH and MMSec 2020: Proceedings of the 2020 ACM Workshop on Information Hiding and Multimedia Security
Luogo di edizione: New York, NY
Casa editrice: Association for Computing Machinery, Inc
Anno di pubblicazione: 2020
Codice identificativo Scopus: 2-s2.0-85087877421
ISBN: 9781450370509
Handle: http://hdl.handle.net/11572/277572
Citazione: On the Difficulty of Hiding Keys in Neural Networks / Kupek, Tobias; Pasquini, Cecilia; Böhme, Rainer. - (2020), pp. 73-78. ((Intervento presentato al convegno 8th ACM Workshop on Information Hiding and Multimedia Security, IH and MMSec 2020 tenutosi a Denver, CO nel 22nd–24th June 2020 [10.1145/3369412.3395076].
Appare nelle tipologie:04.1 Saggio in atti di convegno (Paper in proceedings)

File in questo prodotto:
FileDescrizioneTipologiaLicenza 
IH2020.pdf Versione editoriale (Publisher’s layout)Tutti i diritti riservati (All rights reserved)Administrator
Utilizza questo identificativo per citare o creare un link a questo documento:
http://hdl.handle.net/11572/277572
  • Citazioni
  • PubMed Central ND
  • Scopus
  • WOS ND
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione
 
 
 
Powered by IRIS-about IRIS-Utilizzo dei cookie
Logo CINECA  Copyright © 2021