摘要
现有的移动端深度学习模型泄露分析方法依赖于移动端应用动态运行和人工触发深度学习功能,具有不稳定性且需要大量人工参与,限制了分析方法的使用范围。为了更加自动化地分析更多深度学习模型,提出了一种基于污点分析的移动端深度学习模型泄露自动分析方法。该方法综合使用关键字匹配和熵值判定技术提取移动端应用中的模型文件,并使用基于模拟执行的污点分析方法追踪模型解密的函数地址,最后调用解密函数得到模型明文。基于设计方案,实现了自动分析工具ModelDec,在主流应用商店上的实验分析结果显示,该方法的模型泄露检测率和分析时间均优于现有公开方法,充分展示了该方法的有效性。
To analyze deep-learning model leakage on mobile systems,existing methods require to dynamically run mobile applications and manually trigger deep-learning functions,which are unstable and need a lot of manual participations,limiting the widespread use of such analysis methods.To automatically analyze more deep-learning models on mobile systems,this paper proposed an automatic method to analyze deep-learning model leakage on mobile devices using taint analysis.This method combined keyword matching and entropy evaluation to extract model files in mobile applications,used a taint-analysis method based on simulated execution to track the function address of model decryption,and finally called the decryption function to obtain the plaintext model.Based on this design,this paper implemented an automated analysis tool called ModelDec.The analysis results on mainstream APP stores show that the model leakage detection rate and the analysis speed are better than existing methods,which demonstrate the effectiveness of the proposed method.
作者
朱文天
林璟锵
Zhu Wentian;Lin Jingqiang(School of Cyber Science&Technology,University of Science&Technology of China,Hefei 230027,China)
出处
《计算机应用研究》
北大核心
2025年第8期2437-2445,共9页
Application Research of Computers
