ModelObfuscator: Obfuscating Model Information to Protect Deployed ML-based Systems

Mingyi Zhou,Xiang Gao,Jing Wu,John Grundy,Xiao Chen,Chunyang Chen,Li Li
DOI: https://doi.org/10.48550/arXiv.2306.06112
2023-06-01
Cryptography and Security
Abstract: More and more edge devices and mobile apps are leveraging deep learning (DL) capabilities. Deploying such models on devices -- referred to as on-device models -- rather than as remote cloud-hosted services, has gained popularity because it avoids transmitting user data off of the device and achieves fast response times. However, on-device models can be easily attacked, as they can be accessed by unpacking the corresponding apps, and the model is fully exposed to attackers. Recent studies show that attackers can easily generate white-box-like attacks for an on-device model or even invert its training data. To protect on-device models from white-box attacks, we propose a novel technique called model obfuscation. Specifically, model obfuscation hides and obfuscates the key information -- structure, parameters and attributes -- of models by renaming, parameter encapsulation, neural structure obfuscation, shortcut injection, and extra layer injection. We have developed a prototype tool ModelObfuscator to automatically obfuscate on-device TFLite models. Our experiments show that this proposed approach can dramatically improve model security by significantly increasing the difficulty of parsing models' inner information, without increasing the latency of DL models. Our proposed on-device model obfuscation has the potential to be a fundamental technique for on-device model deployment. Our prototype tool is publicly available at: https://github.com/zhoumingyi/ModelObfuscator.
What problem does this paper attempt to address?
The paper addresses the problem of protecting machine learning models deployed on devices from software analysis and reverse engineering attacks. Specifically, it focuses on how to defend against attacks that parse the internal information of on-device models. These attacks are more effective than traditional model theft techniques (such as substitute model training or side-channel attacks) because on-device models are hosted directly on mobile devices, whose apps can be easily unpacked and analyzed.

### Background and Motivation

As edge devices and mobile applications increasingly leverage deep learning capabilities, deploying these models on devices (referred to as on-device models) has become more popular. This deployment method avoids transmitting user data off the device and improves response time. However, the security of on-device models faces serious threats because they can be fully exposed to attackers by unpacking the application. Existing research shows that attackers can easily generate white-box attacks against on-device models and even reverse engineer their training data.

### Solution

To protect on-device models from white-box attacks, the authors propose a new technique called Model Obfuscation. Specifically, Model Obfuscation hides and obfuscates the key information (structure, parameters, and attributes) of the model through renaming, parameter encapsulation, neural structure obfuscation, shortcut path injection, and additional layer injection. The authors developed a prototype tool called ModelObfuscator, which can automatically obfuscate on-device TFLite models.

### Main Contributions

1. **Proposed a new model obfuscation framework**: This framework defends against model parsing by hiding the key information of deployed deep learning models, significantly increasing the cost of attacks and preventing attackers from generating effective attacks and stealing the knowledge of on-device models.
2. **Designed five obfuscation strategies**: Renaming, parameter encapsulation, neural structure obfuscation, random shortcut path injection, and random additional layer injection, implemented in an end-to-end prototype tool called ModelObfuscator. This tool can automatically obfuscate models and build compatible deep learning libraries.
3. **Provided a classification and comparison of different obfuscation methods**: The obfuscation methods are classified and compared in terms of effectiveness and overhead to guide model owners in choosing appropriate defense strategies.

### Experimental Results

Experiments show that ModelObfuscator can significantly improve the security of models with almost no additional time overhead and only a 20% increase in storage overhead. The code for this tool has been publicly released for research and use.

### Conclusion

The paper proposes a new model obfuscation method that effectively protects on-device deep learning models from software analysis and reverse engineering attacks through multiple obfuscation strategies. This method improves model security while maintaining model performance and efficiency.