Search for: All records

Deep neural networks (DNNs) are influencing a wide range of applications from safety-critical to security-sensitive use cases. In many such use cases, the DNN inference process relies on distributed systems involving IoT devices and edge/cloud severs as participants where a pre-trained DNN model is partitioned/split onto multiple parts and the participants collaboratively execute them. However, often such collaboration requires dynamic DNN partitioning information to be exchanged among the participants over unsecured network or via relays/hops which can lead to novel privacy vulnerabilities. In this paper, we propose a DNN model extraction attack that exploits such vulnerabilities to not only extract the original input data, but also reconstruct the entire victim DNN model. Specifically, the proposed attack model utilizes extracted/leaked data and adversarial autoencoders to generate and train a shadow model that closely mimics the behavior of the original victim model. The proposed attack is query-free and does not require the attacker to have any prior information about the victim model and input data. Using an IoT- edge hardware testbed running collaborative DNN inference, we demonstrate the effectiveness of the proposed attack model in extracting the victim model with high levels of certainty across many realistic scenarios.