Robustness of on-device Models: Adversarial Attack to Deep Learning Models on Android Apps

• URL: http://arxiv.org/abs/2101.04401v2
• Date: Thu, 4 Feb 2021 13:39:00 GMT
• Title: Robustness of on-device Models: Adversarial Attack to Deep Learning Models on Android Apps
• Authors: Yujin Huang, Han Hu, Chunyang Chen
• Abstract summary: Most deep learning models within Android apps can easily be obtained via mature reverse engineering. In this study, we propose a simple but effective approach to hacking deep learning models using adversarial attacks.
• Score: 14.821745719407037
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Deep learning has shown its power in many applications, including object detection in images, natural-language understanding, and speech recognition. To make it more accessible to end users, many deep learning models are now embedded in mobile apps. Compared to offloading deep learning from smartphones to the cloud, performing machine learning on-device can help improve latency, connectivity, and power consumption. However, most deep learning models within Android apps can easily be obtained via mature reverse engineering, while the models' exposure may invite adversarial attacks. In this study, we propose a simple but effective approach to hacking deep learning models using adversarial attacks by identifying highly similar pre-trained models from TensorFlow Hub. All 10 real-world Android apps in the experiment are successfully attacked by our approach. Apart from the feasibility of the model attack, we also carry out an empirical study that investigates the characteristics of deep learning models used by hundreds of Android apps on Google Play. The results show that many of them are similar to each other and widely use fine-tuning techniques to pre-trained models on the Internet.

Related papers

• Deep Generative Models in Robotics: A Survey on Learning from Multimodal Demonstrations [52.11801730860999]
  In recent years, the robot learning community has shown increasing interest in using deep generative models to capture the complexity of large datasets. We present the different types of models that the community has explored, such as energy-based models, diffusion models, action value maps, or generative adversarial networks. We also present the different types of applications in which deep generative models have been used, from grasp generation to trajectory generation or cost learning.
  arXiv  Detail & Related papers  (2024-08-08T11:34:31Z)
• Any-point Trajectory Modeling for Policy Learning [64.23861308947852]
  We introduce Any-point Trajectory Modeling (ATM) to predict future trajectories of arbitrary points within a video frame. ATM outperforms strong video pre-training baselines by 80% on average. We show effective transfer learning of manipulation skills from human videos and videos from a different robot morphology.
  arXiv  Detail & Related papers  (2023-12-28T23:34:43Z)
• Stop overkilling simple tasks with black-box models and use transparent models instead [57.42190785269343]
  Deep learning approaches are able to extract features autonomously from raw data. This allows for bypassing the feature engineering process. Deep learning strategies often outperform traditional models in terms of accuracy.
  arXiv  Detail & Related papers  (2023-02-06T14:28:49Z)
• Smart App Attack: Hacking Deep Learning Models in Android Apps [16.663345577900813]
  We introduce a grey-box adversarial attack framework to hack on-device models. We evaluate the attack effectiveness and generality in terms of four different settings. Among 53 apps adopting transfer learning, we find that 71.7% of them can be successfully attacked.
  arXiv  Detail & Related papers  (2022-04-23T14:01:59Z)
• A Differentiable Recipe for Learning Visual Non-Prehensile Planar Manipulation [63.1610540170754]
  We focus on the problem of visual non-prehensile planar manipulation. We propose a novel architecture that combines video decoding neural models with priors from contact mechanics. We find that our modular and fully differentiable architecture performs better than learning-only methods on unseen objects and motions.
  arXiv  Detail & Related papers  (2021-11-09T18:39:45Z)
• Evaluating Deep Learning Models and Adversarial Attacks on Accelerometer-Based Gesture Authentication [6.961253535504979]
  We use a deep convolutional generative adversarial network (DC-GAN) to create adversarial samples. We show that our deep learning model is surprisingly robust to such an attack scenario.
  arXiv  Detail & Related papers  (2021-10-03T00:15:50Z)
• Multi-Robot Deep Reinforcement Learning for Mobile Navigation [82.62621210336881]
  We propose a deep reinforcement learning algorithm with hierarchically integrated models (HInt) At training time, HInt learns separate perception and dynamics models, and at test time, HInt integrates the two models in a hierarchical manner and plans actions with the integrated model. Our mobile navigation experiments show that HInt outperforms conventional hierarchical policies and single-source approaches.
  arXiv  Detail & Related papers  (2021-06-24T19:07:40Z)
• Challenges and Obstacles Towards Deploying Deep Learning Models on Mobile Devices [1.422288795020666]
  Deep learning models are developed using plethora of high-level, generic frameworks and libraries. Running those models on the mobile devices require hardware-aware optimizations. In this paper, we present the existing challenges, obstacles, and practical solutions towards deploying deep learning models on mobile devices.
  arXiv  Detail & Related papers  (2021-05-06T12:40:28Z)
• Distill on the Go: Online knowledge distillation in self-supervised learning [1.1470070927586016]
  Recent works have shown that wider and deeper models benefit more from self-supervised learning than smaller models. We propose Distill-on-the-Go (DoGo), a self-supervised learning paradigm using single-stage online knowledge distillation. Our results show significant performance gain in the presence of noisy and limited labels.
  arXiv  Detail & Related papers  (2021-04-20T09:59:23Z)
• DeepPayload: Black-box Backdoor Attack on Deep Learning Models through Neural Payload Injection [17.136757440204722]
  We introduce a highly practical backdoor attack achieved with a set of reverse-engineering techniques over compiled deep learning models. The injected backdoor can be triggered with a success rate of 93.5%, while only brought less than 2ms latency overhead and no more than 1.4% accuracy decrease. We found 54 apps that were vulnerable to our attack, including popular and security-critical ones.
  arXiv  Detail & Related papers  (2021-01-18T06:29:30Z)
• Model-Based Visual Planning with Self-Supervised Functional Distances [104.83979811803466]
  We present a self-supervised method for model-based visual goal reaching. Our approach learns entirely using offline, unlabeled data. We find that this approach substantially outperforms both model-free and model-based prior methods.
  arXiv  Detail & Related papers  (2020-12-30T23:59:09Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.