Robustness of on-Device Models: Adversarial Attack to Deep Learning Models on Android Apps

Yujin, Huang,; Hu, Han; Chen, Chunyang

doi:10.1109/icse-seip52600.2021.00019

Cited by 22 publications

(52 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…28 More of these SVs are required to help develop sufficiently effective SV assessment and prioritization models. One potential way to build such a dataset is to first match the (pre-trained) ML/DL models proposed in the literature or released on model repositories (e.g., Tensorflow Hub 29 ) with the ones used in real-world systems either on version control systems or in mobile apps [81]. The matched models would then be tested against known adversarial attacks to identify corresponding SVs.…”

Section: Data-driven Sv Assessment and Prioritization Of Data-driven ...mentioning

confidence: 99%

A Survey on Data-driven Software Vulnerability Assessment and Prioritization

Le¹,

Chen²,

Babar³

2021

Preprint

View full text Add to dashboard Cite

Software Vulnerabilities (SVs) are increasing in complexity and scale, posing great security risks to many software systems. Given the limited resources in practice, SV assessment and prioritization help practitioners devise optimal SV mitigation plans based on various SV characteristics. The surge in SV data sources and datadriven techniques such as Machine Learning and Deep Learning have taken SV assessment and prioritization to the next level. Our survey provides a taxonomy of the past research efforts and highlights the best practices for data-driven SV assessment and prioritization. We also discuss the current limitations and propose potential solutions to address such issues. CCS Concepts: • General and reference → Surveys and overviews; • Security and privacy → Software security engineering; • Computing methodologies → Machine learning; Neural networks;

show abstract

Section: Data-driven Sv Assessment and Prioritization Of Data-driven ...mentioning

confidence: 99%

A Survey on Data-driven Software Vulnerability Assessment and Prioritization

Le¹,

Chen²,

Babar³

2021

Preprint

View full text Add to dashboard Cite

show abstract

“…The activation functions in hidden layers and the output layer are ReLU and Softmax, respectively. The hidden layer structures of LFCN and HFCN are [64, 32,16,8,4] and [256,256,64,64,32,32,16,8], respectively.…”

Section: Classifiersmentioning

confidence: 99%

“…Deep neural networks (DNNs) [38] have been increasingly adopted in many fields, including computer vision [5], natural language processing [19], software engineering [13,18,32,39,45,48], etc. However, one of the crucial factors hindering DNNs from further serving applications with social impact is the unintended individual discrimination [44,47,55].…”

Section: Introductionmentioning

confidence: 99%

NeuronFair: Interpretable White-Box Fairness Testing through Biased Neuron Identification

Zheng¹,

Chen²,

Du³

et al. 2021

Preprint

View full text Add to dashboard Cite

Deep neural networks (DNNs) have demonstrated their outperformance in various domains. However, it raises a social concern whether DNNs can produce reliable and fair decisions especially when they are applied to sensitive domains involving valuable resource allocation, such as education, loan, and employment. It is crucial to conduct fairness testing before DNNs are reliably deployed to such sensitive domains, i.e., generating as many instances as possible to uncover fairness violations. However, the existing testing methods are still limited from three aspects: interpretability, performance, and generalizability. To overcome the challenges, we propose NeuronFair, a new DNN fairness testing framework that differs from previous work in several key aspects: (1) interpretable -it quantitatively interprets DNNs' fairness violations for the biased decision; (2) effective -it uses the interpretation results to guide the generation of more diverse instances in less time; (3) generic -it can handle both structured and unstructured data. Extensive evaluations across 7 datasets and the corresponding DNNs demonstrate NeuronFair's superior performance. For instance, on structured datasets, it generates much more instances (∼ ×5.84) and saves more time (with an average speedup of 534.56%) compared with the state-of-the-art methods. Besides, the instances of NeuronFair can also be leveraged to improve the fairness of the biased DNNs, which helps build more fair and trustworthy deep learning systems. The code of NeuronFair is open-sourced at https:// github.com/ haibinzheng/ NeuronFair. CCS CONCEPTS• Computing methodologies → Artificial intelligence; • Software and its engineering → Software reliability.

show abstract

“…Compared to performing deep learning on cloud, on-device deep learning offers several unique benefits as follows. First, it avoids sending private users' data to the cloud, leading to the bandwidth saving, inference accelerating, and privacy preserving [1]. Second, apps can run in any situation with no need for internet connectivity [2].…”

Section: Introductionmentioning

confidence: 99%

Smart App Attack: Hacking Deep Learning Models in Android Apps

Huang¹,

Chen²

2022

Preprint

Self Cite

View full text Add to dashboard Cite

On-device deep learning is rapidly gaining popularity in mobile applications. Compared to offloading deep learning from smartphones to the cloud, on-device deep learning enables offline model inference while preserving user privacy. However, such mechanisms inevitably store models on users' smartphones and may invite adversarial attacks as they are accessible to attackers. Due to the characteristic of the on-device model, most existing adversarial attacks cannot be directly applied for ondevice models. In this paper, we introduce a grey-box adversarial attack framework to hack on-device models by crafting highly similar binary classification models based on identified transfer learning approaches and pre-trained models from TensorFlow Hub. We evaluate the attack effectiveness and generality in terms of four different settings including pre-trained models, datasets, transfer learning approaches and adversarial attack algorithms. The results demonstrate that the proposed attacks remain effective regardless of different settings, and significantly outperform state-of-the-art baselines. We further conduct an empirical study on real-world deep learning mobile apps collected from Google Play. Among 53 apps adopting transfer learning, we find that 71.7% of them can be successfully attacked, which includes popular ones in medicine, automation, and finance categories with critical usage scenarios. The results call for the awareness and actions of deep learning mobile app developers to secure the on-device models. The code of this work is available at https://github.com/Jinxhy/SmartAppAttack.

show abstract

Robustness of on-Device Models: Adversarial Attack to Deep Learning Models on Android Apps

Cited by 22 publications

References 29 publications

A Survey on Data-driven Software Vulnerability Assessment and Prioritization

A Survey on Data-driven Software Vulnerability Assessment and Prioritization

NeuronFair: Interpretable White-Box Fairness Testing through Biased Neuron Identification

Smart App Attack: Hacking Deep Learning Models in Android Apps

Contact Info

Product

Resources

About