DEMISTIFY: Identifying On-device Machine Learning Models Stealing and Reuse Vulnerabilities in Mobile Apps
Mobile apps have become popular for providing artificial intelligence (\emph{AI}) services via on-device machine learning (\emph{ML}) techniques. Unlike accomplishing these AI services on remote servers traditionally, these on-device techniques process sensitive information required by AI services locally, which can mitigate the severe concerns of the sensitive data collection on the remote side. However, these on-device techniques have to push the core of ML expertise (\textit{e.g.}, models) to smartphones locally, which are still subject to similar vulnerabilities on the remote clouds and servers, especially when facing the model stealing attack. To defend against these attacks, developers have taken various protective measures. Unfortunately, we have found that these protections are still insufficient, and on-device ML models in mobile apps could be extracted and reused without limitation. To better demonstrate its inadequate protection and the feasibility of this attack, this paper presents DeMistify, which statically locates ML models within an app, slices relevant execution components, and finally generates scripts automatically to instrument mobile apps to successfully steal and reuse target ML models freely. To evaluate DeMistify and demonstrate its applicability, we apply it on $1,511$ top mobile apps using on-device ML expertise for several ML services based on their install numbers from Google Play and DeMistify can successfully execute $1,250$ of them ($82.73%$). In addition, an in-depth study is conducted to understand the on-device ML ecosystem in the mobile application.
Thu 18 AprDisplayed time zone: Lisbon change
11:00 - 12:30 | Evolution 2Research Track / Journal-first Papers / Software Engineering Education and Training at Amália Rodrigues Chair(s): Massimiliano Di Penta University of Sannio, Italy | ||
11:00 15mTalk | On Using GUI Interaction Data to Improve Text Retrieval-based Bug Localization Research Track Junayed Mahmud George Mason University, Nadeeshan De Silva William & Mary, Safwat Ali Khan George Mason University, Seyed Hooman Mostafavi George Mason University, S M Hasan Mansur George Mason University, Oscar Chaparro William & Mary, Andrian (Andi) Marcus The University of Texas at Dallas, Kevin Moran University of Central Florida | ||
11:15 15mTalk | DEMISTIFY: Identifying On-device Machine Learning Models Stealing and Reuse Vulnerabilities in Mobile Apps Research Track Pengcheng Ren Shandong University, Chaoshun Zuo Ohio State University, Xiaofeng Liu Shandong University, Wenrui Diao Shandong University, Qingchuan Zhao City University of Hong Kong, Shanqing Guo Shandong University | ||
11:30 15mTalk | How do Developers Talk about GitHub Actions? Evidence from Online Software Development Community Research Track Yang Zhang National University of Defense Technology, China, Yiwen Wu National University of Defense Technology, Tingting Chen College of Computer, National University of Defense Technology, Tao Wang National University of Defense Technology, Hui Liu Beijing Institute of Technology, Huaimin Wang | ||
11:45 15mPaper | Design principles for generating and presenting automated formative feedback on code quality using software metrics Software Engineering Education and Training Eddy van den Aker Zuyd University of Applied Science, Ebrahim Rahimi Open University, the Netherlands | ||
12:00 7mTalk | Automatic Specialization of Third-Party Java Dependencies Journal-first Papers César Soto-Valero KTH, Deepika Tiwari KTH Royal Institute of Technology, Tim Toady Programming Republic of Perl, Benoit Baudry KTH | ||
12:07 7mTalk | Discovering Reusable Functional Features in Legacy Object-Oriented Systems Journal-first Papers Hafedh Mili Université du Québec à Montréal, Imen Benzarti École de technologie supérieure, Amel Elkharraz Collège de Bois-de-Boulogne, Ghizlane El Boussaidi École de Technologie Supérieure, Yann-Gaël Guéhéneuc Concordia University and Polytechnique Montréal, Petko Valchev Université du Québec à Montréal |