Hardening Deep Neural Network Binaries against Reverse Engineering Attacks

Deep Neural Networks (DNNs) are proprietary assets due to the expertise, confidential data, and high development costs involved in model training. Well-trained DNN models are compiled into DNN binaries to be efficiently executed on various platforms, such as edge devices and cloud infrastructures. Recent research on DNN binary decompilation shows the potential of stealing DNN models via binary reverse engineering techniques. While obfuscation is a well-studied technique to hamper binary reverse engineering, general obfuscation schemes are not designed for this new type of binary and have limitations in concealing information within DNN binaries due to the unique characteristics of DNN binaries.