With the development of deep learning processors and accelerators, deep learning models have been widely deployed on edge devices as part of the Internet of Things. Edge device models are generally considered as valuable intellectual properties that are worth for careful protection. Unfortunately, these models have a great risk of being stolen or illegally copied. The existing model protections using encryption algorithms are suffered from high computation overhead which is not practical due to the limited computing capacity on edge devices. In this work, we propose a light-weight, practical, and general Edge device model Pro tection method at neuron level, denoted as EdgePro. Specifically, we select several neurons as authorization neurons and set their activation values to locking values and scale the neuron outputs as the "asswords" during training. EdgePro protects the model by ensuring it can only work correctly when the "passwords" are met, at the cost of encrypting and storing the information of the "passwords" instead of the whole model. Extensive experimental results indicate that EdgePro can work well on the task of protecting on datasets with different modes. The inference time increase of EdgePro is only 60% of state-of-the-art methods, and the accuracy loss is less than 1%. Additionally, EdgePro is robust against adaptive attacks including fine-tuning and pruning, which makes it more practical in real-world applications. EdgePro is also open sourced to facilitate future research: https://github.com/Leon022/Edg
翻译:随着深度学习处理器和加速器的发展,深度学习模型已经作为物联网的一部分广泛部署在边缘设备上。边缘设备模型通常被认为是有价值的知识产权,值得进行精心保护。不幸的是,这些模型存在被盗或非法复制的风险。使用加密算法的现有模型保护由于计算开销过大而不可取,因为边缘设备上的计算能力有限。在本文中,我们提出了一种轻巧、实用且通用的神经元级别的边缘设备模型保护方法——EdgePro。具体而言,我们选择若干个神经元作为授权神经元,并将它们的激活值设置为锁定值,并在训练过程中将神经元输出缩放为"密码"。通过保证只有在满足"密码"的情况下模型才能正常工作,EdgePro通过将"密码"的信息加密存储,以较小的开销保护整个模型。广泛的实验结果表明,EdgePro在具有不同模式的数据集上的保护任务上表现良好。边缘设备上的推理时间增加仅为最先进方法的60%,精度损失小于1%。此外,EdgePro对包括微调和剪枝在内的自适应攻击具有抵御能力,这使得它更加实用于现实世界的应用。EdgePro也是开源的,以便于未来的研究工作:https://github.com/Leon022/Edg