Learn to Reverse DNNs from AI Programs Automatically
Authors: Simin Chen, Hamed Khanpour, Cong Liu, Wei Yang
IJCAI 2022
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | We answer the following questions through empirical evaluation. RQ1: How accurate is the proposed representation model? RQ2: Can our Algorithm 2 rebuild DNNs correctly? RQ3: Is our approach sensitive to hyper-parameters? RQ4: What is the contribution of each component? 4.1 Experimental Setup. Datasets: We first download open-source models from TorchVision and Hugging Face as our dataset. Our model dataset includes vision models (e.g., VGG-11) and textual models (e.g., BERT sentence classification). We then use TVM, a popular deep learning compiler [Chen et al., 2018b], to compile deep neural networks into AI programs. |
| Researcher Affiliation | Collaboration | Simin Chen (1), Hamed Khanpour (2), Cong Liu (1) and Wei Yang (1); (1) The University of Texas at Dallas, (2) Microsoft Research. Emails: {Simin.Chen, Cong, Wei.Yang}@utdallas.com, Hamed.Khanpour@microsoft.com |
| Pseudocode | Yes | Algorithm 1 Structure Embedding Algorithm |
| Open Source Code | No | The paper states: 'Dataset: We open-source our decompiled assembly function dataset (footnote 2), including more than 80k functions compiled for four hardware platforms. Our dataset is the first dataset for DNN reverse engineering, contributing to future research on on-device DNN security.' Footnote 2 provides the link https://drive.google.com/file/d/NNReverse, but this link points to the dataset, not to source code for the NNReverse methodology itself. |
| Open Datasets | Yes | 'Dataset: We open-source our decompiled assembly function dataset (footnote 2), including more than 80k functions compiled for four hardware platforms. Our dataset is the first dataset for DNN reverse engineering, contributing to future research on on-device DNN security.' Footnote 2: https://drive.google.com/file/d/NNReverse |
| Dataset Splits | No | 'We split 80% of the data as our training dataset and the remaining 20% for testing.' The paper specifies train and test splits but does not mention a validation split. |
| Hardware Specification | No | The paper describes experiments and targets different hardware platforms (Android, Intel, ARM, Aarch64) for DNN deployment, but it does not provide specific details (e.g., GPU models, CPU types, or memory) of the hardware used to run its own experiments. |
| Software Dependencies | No | The paper mentions using 'TVM' and 'radare2' but does not provide specific version numbers for these or any other software dependencies needed to replicate the experiment setup. |
| Experiment Setup | Yes | We set the compilation optimization level from 0 to 4. We first conduct experiments to understand how different embedding dimensions affect our technique. Specifically, we configure the embedding dimension as 100, 200, and 300 and measure F-1 under each setting. We then configure the context size as 3, 5, and 7 and train different models. |
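The split and hyper-parameter sweep described in the table rows above can be sketched as follows. This is a minimal illustration under stated assumptions, not the authors' code: `train_and_eval` is a hypothetical callback standing in for model training, and the integer samples stand in for the paper's assembly-function dataset.

```python
import random

def train_test_split(samples, train_frac=0.8, seed=0):
    """80/20 train/test split as described in the paper (no validation split)."""
    rng = random.Random(seed)
    shuffled = samples[:]
    rng.shuffle(shuffled)
    cut = int(len(shuffled) * train_frac)
    return shuffled[:cut], shuffled[cut:]

def sweep(train, test, train_and_eval):
    """Grid over the embedding dimensions (100/200/300) and context sizes
    (3/5/7) reported in the paper; train_and_eval is a hypothetical callback
    returning an F-1 score for one configuration."""
    results = {}
    for dim in (100, 200, 300):
        for ctx in (3, 5, 7):
            results[(dim, ctx)] = train_and_eval(train, test, dim, ctx)
    return results

# Toy usage with a dummy evaluator in place of real training
data = list(range(100))
tr, te = train_test_split(data)
scores = sweep(tr, te, lambda tr, te, d, c: 0.0)
print(len(tr), len(te), len(scores))  # 80 20 9
```

The fixed grid (3 dimensions x 3 context sizes = 9 runs) mirrors the sensitivity analysis of RQ3; a real reproduction would replace the dummy callback with the embedding-model training pipeline.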