| In recent years, neural networks have been applied in all walks of life and even play an important role in the country’s critical infrastructure, so it is crucial to ensure that they are applied safely. Black-box model reverse engineering refers to the process of analyzing the properties of a neural network model that is packaged as a black-box model to provide services. Through research on neural network black-box reverse engineering, attackers can use the extracted model information to reconstruct the model and steal its business value, and they can also use the extracted model attributes to conduct targeted attacks on the model. At the same time, from the defender's perspective, an early understanding of the potential risks is also important for black-box model protection technology. At present, a mainstream method of black-box model reverse engineering is to train a machine learning model that labels the attributes of the black-box model and predicts the model's attribute information from the black-box model's outputs on a fixed set of query inputs. However, this scheme has some problems: (1) when clean samples are used to probe the model structure, a large amount of query data is required, so the attack cost is high and the accuracy is unsatisfactory; (2) constructing proprietary query samples may require higher privileges, such as requiring the model to be differentiable; (3) the constructed proprietary query samples usually differ significantly from normal samples, so they are easy to discover. To solve these problems, this paper proposes a black-box model reverse engineering method based on model pre-detection and a meta-model. Before the properties of the black-box model are analyzed, a model pre-detection module is introduced so that the meta-model can obtain more information from the query output. More model attribute information reduces the complexity of meta-model training and improves the accuracy of attribute analysis. This paper verifies experimentally that gradient-based adversarial samples generated for a specific model carry more model attribute information than the original samples and increase the difference between the query outputs of different black-box models. This paper uses a reference model set containing 11,282 deep neural network models, combined with the model pre-detection results, to train the meta-model for black-box model analysis, and conducts simulation experiments on the MNIST dataset. The experimental results show that the black-box model reverse engineering method based on model pre-detection and a meta-model can effectively reduce the query cost and improve the query accuracy under black-box access rights, and at the same time realize implicit detection of the model. This paper also designs and implements a black-box model reverse engineering system, which includes a cloud model training and deployment module, a local data preprocessing module, a local data analysis and prediction module, and a result display module. Finally, a real attack scenario is simulated on a cloud platform, and testing of the system's functions and performance is completed. |