MMGuard: Automatically Protecting On-Device Deep Learning Models in Android Apps

On-device deep learning models have become increasingly popular in mobile apps, since they allow offline model inference while preserving user privacy. However, on-device deep learning models also introduce security challenges: the trained models can be stolen or even tampered with by attackers. Recent studies suggest that most on-device models lack sufficient protection, i.e., they can be extracted simply by decompiling the apps. In this work, we present MMGuard, an automated framework for building mutual authentication between Android apps and deep neural network models, which protects on-device models against piracy and tampering. Unlike existing model protection methods, our approach requires neither model re-training nor any prior knowledge of the training data. The key idea of MMGuard is to verify the deep learning model inside the app before inference, i.e., to feed owner- and app-related information to it, which greatly increases the effort required to hack the model. We evaluate MMGuard on 5 popular image classification DNNs and 43 real-world Android apps from Google Play. Experimental results suggest that MMGuard introduces negligible latency on the models and can be applied automatically to real-world apps.
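To make the "verify the model before inference" idea concrete, the following added example (not MMGuard's construction and not code from the paper) sketches the shape of an app-to-model challenge-response check in pure Python. It assumes a toy linear classifier stored as plain lists, an owner secret embedded in the model artifact, and an app identified by the SHA-256 of its signing certificate; the names `OWNER_SECRET`, `GENUINE_APP_CERT`, `ProtectedModel` and `app_key_input` are all constructed for this illustration. The app derives app-related information, feeds it to the model, and only runs inference if the model answers with the response recorded at build time; a model whose weights were tampered with answers differently, and a model copied into another app refuses to run because the app-related input does not match.

```python
"""Toy app<->model mutual-authentication check (illustration only, not MMGuard)."""
import hashlib
import hmac
import json

# Constructed values for this example (in a real deployment the secret would be
# protected inside the model artifact and the cert hash read from the running app).
OWNER_SECRET = b"constructed-owner-secret"
GENUINE_APP_CERT = hashlib.sha256(b"constructed-app-signing-cert").digest()

WEIGHTS = [[1.0, 0.0], [0.0, 1.0]]            # 2-class toy linear model
TAMPERED_WEIGHTS = [[1.0, 0.0], [0.0, -1.0]]  # attacker flipped one weight


def app_key_input(owner_secret, app_cert):
    """App-related information the app feeds to the model before inference."""
    return hmac.new(owner_secret, app_cert, "sha256").digest()


class ProtectedModel:
    """Model side: only the genuine app gets answers, and answers bind to the weights."""

    def __init__(self, weights, owner_secret, app_cert):
        self.weights = weights
        self._expected_key = app_key_input(owner_secret, app_cert)

    def _serialize(self):
        return json.dumps(self.weights, sort_keys=True).encode()

    def challenge(self, key_input):
        # A wrong app-related input yields no response at all.
        if not hmac.compare_digest(key_input, self._expected_key):
            return None
        # The response depends on every weight, so tampering changes it.
        return hmac.new(key_input, self._serialize(), "sha256").digest()

    def infer(self, key_input, x):
        if not hmac.compare_digest(key_input, self._expected_key):
            raise PermissionError("model refuses inference for an unknown app")
        scores = [sum(w * xi for w, xi in zip(row, x)) for row in self.weights]
        return max(range(len(scores)), key=scores.__getitem__)


def enroll(model, key_input):
    """Build time: record the challenge response the shipped app will expect."""
    return model.challenge(key_input)


def verify_and_infer(model, key_input, expected_response, x):
    """App side: verify the model answers as enrolled, then run inference."""
    response = model.challenge(key_input)
    if response is None or not hmac.compare_digest(response, expected_response):
        raise ValueError("model failed verification (tampered or not the shipped model)")
    return model.infer(key_input, x)


def scenarios():
    """Run the genuine, tampered and pirated cases; returns their outcomes."""
    genuine = ProtectedModel(WEIGHTS, OWNER_SECRET, GENUINE_APP_CERT)
    key = app_key_input(OWNER_SECRET, GENUINE_APP_CERT)
    expected = enroll(genuine, key)
    x = [0.2, 0.9]  # constructed input, class 1 under the genuine weights

    results = {"genuine": verify_and_infer(genuine, key, expected, x)}

    tampered = ProtectedModel(TAMPERED_WEIGHTS, OWNER_SECRET, GENUINE_APP_CERT)
    try:
        verify_and_infer(tampered, key, expected, x)
        results["tampered"] = "accepted"
    except ValueError:
        results["tampered"] = "rejected"

    pirate_key = hashlib.sha256(b"constructed-pirate-cert").digest()
    try:
        genuine.infer(pirate_key, x)
        results["pirated"] = "inference ran"
    except PermissionError:
        results["pirated"] = "refused"
    return results


if __name__ == "__main__":
    print(scenarios())
```

The toy keeps the owner secret in plain form inside the model object, so an attacker who decompiles both app and model could recover it; the point of the example is only the protocol shape (app-derived input, response bound to the weights, check before inference), which is what raises the effort of piracy and tampering. How MMGuard embeds the check without re-training, and how it resists extraction, is described in the paper itself rather than here.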