{"id":"https://openalex.org/W3183268554","doi":"https://doi.org/10.1109/host49136.2021.9702279","title":"NeurObfuscator: A Full-stack Obfuscation Tool to Mitigate Neural Architecture Stealing","display_name":"NeurObfuscator: A Full-stack Obfuscation Tool to Mitigate Neural Architecture Stealing","publication_year":2021,"publication_date":"2021-12-12","ids":{"openalex":"https://openalex.org/W3183268554","doi":"https://doi.org/10.1109/host49136.2021.9702279","mag":"3183268554"},"language":"en","primary_location":{"id":"doi:10.1109/host49136.2021.9702279","is_oa":false,"landing_page_url":"https://doi.org/10.1109/host49136.2021.9702279","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2107.09789","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100671149","display_name":"Jingtao Li","orcid":"https://orcid.org/0000-0003-4250-869X"},"institutions":[{"id":"https://openalex.org/I55732556","display_name":"Arizona State University","ror":"https://ror.org/03efmqc40","country_code":"US","type":"education","lineage":["https://openalex.org/I55732556"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jingtao Li","raw_affiliation_strings":["School of Electrical Computer and Energy Engineering, Arizona State University,Tempe,AZ,85287"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"School of Electrical Computer and Energy Engineering, Arizona State University,Tempe,AZ,85287","institution_ids":["https://openalex.org/I55732556"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5036755436","display_name":"Zhezhi He","orcid":"https://orcid.org/0000-0002-6357-236X"},"institutions":[{"id":"https://openalex.org/I183067930","display_name":"Shanghai Jiao Tong University","ror":"https://ror.org/0220qvk04","country_code":"CN","type":"education","lineage":["https://openalex.org/I183067930"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhezhi He","raw_affiliation_strings":["Shanghai Jiao Tong University,Department of Computer Science and Engineering,Shanghai"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Shanghai Jiao Tong University,Department of Computer Science and Engineering,Shanghai","institution_ids":["https://openalex.org/I183067930"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5030138469","display_name":"Adnan Siraj Rakin","orcid":"https://orcid.org/0000-0002-6056-2625"},"institutions":[{"id":"https://openalex.org/I55732556","display_name":"Arizona State University","ror":"https://ror.org/03efmqc40","country_code":"US","type":"education","lineage":["https://openalex.org/I55732556"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Adnan Siraj Rakin","raw_affiliation_strings":["School of Electrical Computer and Energy Engineering, Arizona State University,Tempe,AZ,85287"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"School of Electrical Computer and Energy Engineering, Arizona State University,Tempe,AZ,85287","institution_ids":["https://openalex.org/I55732556"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5047916979","display_name":"Deliang Fan","orcid":"https://orcid.org/0000-0002-7989-6297"},"institutions":[{"id":"https://openalex.org/I55732556","display_name":"Arizona State University","ror":"https://ror.org/03efmqc40","country_code":"US","type":"education","lineage":["https://openalex.org/I55732556"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Deliang Fan","raw_affiliation_strings":["School of Electrical Computer and Energy Engineering, Arizona State University,Tempe,AZ,85287"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"School of Electrical Computer and Energy Engineering, Arizona State University,Tempe,AZ,85287","institution_ids":["https://openalex.org/I55732556"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5025336372","display_name":"Chaitali Chakrabarti","orcid":"https://orcid.org/0000-0002-9859-7778"},"institutions":[{"id":"https://openalex.org/I55732556","display_name":"Arizona State University","ror":"https://ror.org/03efmqc40","country_code":"US","type":"education","lineage":["https://openalex.org/I55732556"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Chaitali Chakrabarti","raw_affiliation_strings":["School of Electrical Computer and Energy Engineering, Arizona State University,Tempe,AZ,85287"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"School of Electrical Computer and Energy Engineering, Arizona State University,Tempe,AZ,85287","institution_ids":["https://openalex.org/I55732556"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":2.099,"has_fulltext":false,"cited_by_count":23,"citation_normalized_percentile":{"value":0.89338204,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":97,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"248","last_page":"258"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10036","display_name":"Advanced Neural Network Applications","score":0.9969000220298767,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11307","display_name":"Domain Adaptation and Few-Shot Learning","score":0.9850000143051147,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7798234224319458},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.5883094668388367},{"id":"https://openalex.org/keywords/obfuscation","display_name":"Obfuscation","score":0.5739248991012573},{"id":"https://openalex.org/keywords/latency","display_name":"Latency (audio)","score":0.5392907857894897},{"id":"https://openalex.org/keywords/dram","display_name":"Dram","score":0.47846174240112305},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.4638974666595459},{"id":"https://openalex.org/keywords/layer","display_name":"Layer (electronics)","score":0.4517121911048889},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.43755170702934265},{"id":"https://openalex.org/keywords/cache","display_name":"Cache","score":0.43498578667640686},{"id":"https://openalex.org/keywords/architecture","display_name":"Architecture","score":0.4321160614490509},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.3691211938858032},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.1579645276069641},{"id":"https://openalex.org/keywords/computer-hardware","display_name":"Computer hardware","score":0.1559222936630249},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.12683534622192383},{"id":"https://openalex.org/keywords/telecommunications","display_name":"Telecommunications","score":0.08872261643409729}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7798234224319458},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.5883094668388367},{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.5739248991012573},{"id":"https://openalex.org/C82876162","wikidata":"https://www.wikidata.org/wiki/Q17096504","display_name":"Latency (audio)","level":2,"score":0.5392907857894897},{"id":"https://openalex.org/C7366592","wikidata":"https://www.wikidata.org/wiki/Q1255620","display_name":"Dram","level":2,"score":0.47846174240112305},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.4638974666595459},{"id":"https://openalex.org/C2779227376","wikidata":"https://www.wikidata.org/wiki/Q6505497","display_name":"Layer (electronics)","level":2,"score":0.4517121911048889},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.43755170702934265},{"id":"https://openalex.org/C115537543","wikidata":"https://www.wikidata.org/wiki/Q165596","display_name":"Cache","level":2,"score":0.43498578667640686},{"id":"https://openalex.org/C123657996","wikidata":"https://www.wikidata.org/wiki/Q12271","display_name":"Architecture","level":2,"score":0.4321160614490509},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.3691211938858032},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.1579645276069641},{"id":"https://openalex.org/C9390403","wikidata":"https://www.wikidata.org/wiki/Q3966","display_name":"Computer hardware","level":1,"score":0.1559222936630249},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.12683534622192383},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.08872261643409729},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.0},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0},{"id":"https://openalex.org/C178790620","wikidata":"https://www.wikidata.org/wiki/Q11351","display_name":"Organic chemistry","level":1,"score":0.0},{"id":"https://openalex.org/C142362112","wikidata":"https://www.wikidata.org/wiki/Q735","display_name":"Art","level":0,"score":0.0},{"id":"https://openalex.org/C153349607","wikidata":"https://www.wikidata.org/wiki/Q36649","display_name":"Visual arts","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/host49136.2021.9702279","is_oa":false,"landing_page_url":"https://doi.org/10.1109/host49136.2021.9702279","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:2107.09789","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2107.09789","pdf_url":"https://arxiv.org/pdf/2107.09789","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2107.09789","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2107.09789","pdf_url":"https://arxiv.org/pdf/2107.09789","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":46,"referenced_works":["https://openalex.org/W1686810756","https://openalex.org/W1945616565","https://openalex.org/W2001496424","https://openalex.org/W2008166887","https://openalex.org/W2147758029","https://openalex.org/W2170993700","https://openalex.org/W2178031510","https://openalex.org/W2194775991","https://openalex.org/W2293634267","https://openalex.org/W2295598076","https://openalex.org/W2612445135","https://openalex.org/W2804032941","https://openalex.org/W2804500013","https://openalex.org/W2891810898","https://openalex.org/W2906869444","https://openalex.org/W2912934387","https://openalex.org/W2914037680","https://openalex.org/W2921058674","https://openalex.org/W2952343783","https://openalex.org/W2963628712","https://openalex.org/W2963844355","https://openalex.org/W2963960923","https://openalex.org/W2964318098","https://openalex.org/W2973734023","https://openalex.org/W2981708954","https://openalex.org/W3046853140","https://openalex.org/W3102476541","https://openalex.org/W3102836279","https://openalex.org/W3114482311","https://openalex.org/W3114953961","https://openalex.org/W4212883601","https://openalex.org/W4231164953","https://openalex.org/W4293846201","https://openalex.org/W4297775537","https://openalex.org/W4297822135","https://openalex.org/W6637373629","https://openalex.org/W6640425456","https://openalex.org/W6685444988","https://openalex.org/W6718639682","https://openalex.org/W6737664043","https://openalex.org/W6739868092","https://openalex.org/W6751349269","https://openalex.org/W6752057402","https://openalex.org/W6758096801","https://openalex.org/W6758915775","https://openalex.org/W6760474066"],"related_works":["https://openalex.org/W4224216661","https://openalex.org/W3210347767","https://openalex.org/W2066014542","https://openalex.org/W67940504","https://openalex.org/W2024170198","https://openalex.org/W2152144666","https://openalex.org/W1819617256","https://openalex.org/W4308699695","https://openalex.org/W2596984206","https://openalex.org/W2081416538"],"abstract_inverted_index":{"Neural":[0],"network":[1,10,48],"stealing":[2],"attacks":[3,14],"have":[4],"posed":[5],"grave":[6],"threats":[7],"to":[8,44,103,110,146,185],"neural":[9,20,47],"model":[11,145],"deployment.":[12],"Such":[13],"can":[15,182],"be":[16,129,183],"launched":[17],"by":[18],"extracting":[19],"architecture":[21,49,126,150],"information,":[22],"such":[23,35],"as":[24],"layer":[25,72,74,118,153,174,188],"sequence":[26,119,134],"and":[27,78,90,94,120,178,192],"dimension":[28,121,166],"parameters,":[29],"through":[30],"leaky":[31],"side-channels.":[32],"To":[33],"mitigate":[34],"attacks,":[36],"we":[37,168],"propose":[38],"NeurObfuscator,":[39],"a":[40,66,142,147,187,198],"full-stack":[41],"obfuscation":[42,135],"tool":[43,64,140],"obfuscate":[45],"the":[46,60,83,88,105,112,117,125,138],"while":[50],"preserving":[51],"its":[52,157],"functionality":[53,158],"with":[54,159,175,189,196],"very":[55],"limited":[56],"performance":[57],"overhead.":[58,164,201],"At":[59],"heart":[61],"of":[62,68,85,92,107],"this":[63],"is":[65,101],"set":[67],"obfuscating":[69,108,114],"knobs,":[70],"including":[71],"branching,":[73],"widening,":[75],"selective":[76],"fusion":[77],"schedule":[79],"pruning,":[80],"that":[81,124,137,170],"increase":[82],"number":[84,91],"operators,":[86],"reduce/increase":[87],"latency,":[89],"cache":[93],"DRAM":[95],"accesses.":[96],"A":[97],"genetic":[98],"algorithm-based":[99],"approach":[100],"adopted":[102],"orchestrate":[104],"combination":[106],"knobs":[109],"achieve":[111],"best":[113],"effect":[115],"on":[116,133],"parameters":[122],"so":[123],"information":[127],"cannot":[128],"successfully":[130],"extracted.":[131],"Results":[132],"show":[136],"proposed":[139],"obfuscates":[141],"ResNet-18":[143],"ImageNet":[144],"totally":[148],"different":[149],"(with":[151],"44":[152],"difference)":[154],"without":[155],"affecting":[156],"only":[160,197],"2&#x0025;":[161,199],"overall":[162],"latency":[163,200],"For":[165],"obfuscation,":[167],"demonstrate":[169],"an":[171],"example":[172],"convolution":[173],"64":[176],"input":[177,191],"128":[179],"output":[180,194],"channels":[181,195],"obfuscated":[184],"generate":[186],"207":[190],"93":[193]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":6},{"year":2024,"cited_by_count":6},{"year":2023,"cited_by_count":5},{"year":2022,"cited_by_count":4}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}