DeMistify : Identifying On-device Machine Learning Models Stealing and Reuse Vulnerabilities in Mobile Apps

Research output: Chapters, Conference Papers, Creative and Literary WorksRGC 32 - Refereed conference paper (with host publication)peer-review

4 Scopus Citations
View graph of relations

Author(s)

  • Pengcheng Ren
  • Chaoshun Zuo
  • Xiaofeng Liu
  • Wenrui Diao
  • Shanqing Guo

Related Research Unit(s)

Detail(s)

Original languageEnglish
Title of host publicationICSE '24: Proceedings of the IEEE/ACM 46th International Conference on Software Engineering
PublisherAssociation for Computing Machinery
ISBN (electronic)9798400702174
Publication statusPublished - Feb 2024

Publication series

NameProceedings - International Conference on Software Engineering
ISSN (Print)0270-5257

Conference

Title46th IEEE/ACM International Conference on Software Engineering (ICSE 2024)
LocationCentro Cultural de Belém
PlacePortugal
CityLisbon
Period14 - 20 April 2024

Abstract

Mobile apps have become popular for providing artificial intelligence (AI) services via on-device machine learning (ML) techniques. Unlike accomplishing these AI services on remote servers traditionally, these on-device techniques process sensitive information required by AI services locally, which can mitigate the severe concerns of the sensitive data collection on the remote side. However, these on-device techniques have to push the core of ML expertise (e.g., models) to smartphones locally, which are still subject to similar vulnerabilities on the remote clouds and servers, especially when facing the model stealing attack. To defend against these attacks, developers have taken various protective measures. Unfortunately, we have found that these protections are still insufficient, and on-device ML models in mobile apps could be extracted and reused without limitation. To better demonstrate its inadequate protection and the feasibility of this attack, this paper presents DeMistify, which statically locates ML models within an app, slices relevant execution components, and finally generates scripts automatically to instrument mobile apps to successfully steal and reuse target ML models freely. To evaluate DeMistify and demonstrate its applicability, we apply it on 1,511 top mobile apps using on-device ML expertise for several ML services based on their install numbers from Google Play and DeMistify can successfully execute 1250 of them (82.73%). In addition, an in-depth study is conducted to understand the on-device ML ecosystem in the mobile application. © 2024 IEEE Computer Society. All rights reserved.

Research Area(s)

  • Android App, Machine Learning, On-device Model Reuse, Program Analysis

Citation Format(s)

DeMistify: Identifying On-device Machine Learning Models Stealing and Reuse Vulnerabilities in Mobile Apps. / Ren, Pengcheng; Zuo, Chaoshun; Liu, Xiaofeng et al.
ICSE '24: Proceedings of the IEEE/ACM 46th International Conference on Software Engineering. Association for Computing Machinery, 2024. 41 (Proceedings - International Conference on Software Engineering).

Research output: Chapters, Conference Papers, Creative and Literary WorksRGC 32 - Refereed conference paper (with host publication)peer-review