A Low-Cost Image Encryption Method to Prevent Model Stealing of Deep Neural Network

Model stealing attack may happen by stealing useful data transmitted from embedded end to server end for an artificial intelligent systems. In this paper, we are interested in preventing model stealing of neural network for resource-constrained systems. We propose an Image Encryption based on Class Activation Map (IECAM) to encrypt information before transmitting in embedded end. According to class activation map, IECAM chooses certain key areas of the image to be encrypted with the purpose of reducing the model stealing risk of neural network. With partly encrypted information, IECAM can greatly reduce the time overheads of encryption/decryption in both embedded and server ends, especially for big size images. The experimental results demonstrate that our method can significantly reduce time overheads of encryption/decryption and the risk of model stealing compared with traditional methods.