DeepSniffer

DeepSniffer is a model extraction framework that predicts the architecture of a victim model from the architecture hints exposed during its execution. This project mainly provides the most important part: layer sequence prediction. The key concept of DeepSniffer is to treat layer sequence identification as a sequence-to-sequence prediction problem.

Installation

  1. Install TensorFlow v1.13, PyTorch v0.4.1, and Python 3.6.2.
  2. Download the model checkpoint files from Google Drive.

Workflow

This project comprises two parts: 1) Model extraction: we provide the source code and data set for training and testing the layer sequence predictor, which is the fundamental step of model extraction. 2) Adversarial attack example: as a further step, we also provide the source code and trained substitute model checkpoints to evaluate the effectiveness of the extracted models in adversarial attacks.

Model Extraction

Layer Sequence Predictor Inference

Layer Sequence Predictor Training

Adversarial Attack with DeepSniffer

We show an example of a targeted adversarial attack on ResNet18 (the golden model). DeepSniffer uses the extracted neural network architecture to build the substitute models. For comparison, the baseline examines substitute models built from the following networks: the VGG family, the ResNet family, the DenseNet family, SqueezeNet, and Inception.

Additional results: If you would like to validate more cases with randomly selected substitute models (to reproduce the results of Figure 10), run python auto_attack_labels_random.py 750 245, where 750 is the source label and 245 is the target label. You can change them as needed. The attack results are shown in demofile_random.txt in the same directory (DeepSniffer/AdversarialAttack/), including the attack results of 50 randomly ensembled substitute models.

If you have any questions, please feel free to open an issue in this project. Thanks!