With the development of deep learning processors and accelerators, deep learning models have been widely deployed on edge devices as part of the Internet of Things. Edge device models are generally considered valuable intellectual property that is worth careful protection. Unfortunately, these models are at great risk of being stolen or illegally copied. Existing model protections based on encryption algorithms suffer from high computation overhead, which is not practical given the limited computing capacity of edge devices. In this work, we propose a light-weight, practical, and general Edge device model Protection method at neuron level, denoted as EdgePro. Specifically, we select several neurons as authorization neurons, set their activation values to locking values, and scale the neuron outputs as the "passwords" during training. EdgePro protects the model by ensuring it can only work correctly when the "passwords" are met, at the cost of encrypting and storing the information of the "passwords" instead of the whole model. Extensive experimental results indicate that EdgePro works well at protecting models on datasets with different modes. The inference time increase of EdgePro is only 60% of that of state-of-the-art methods, and the accuracy loss is less than 1%. Additionally, EdgePro is robust against adaptive attacks including fine-tuning and pruning, which makes it more practical in real-world applications. EdgePro is also open sourced to facilitate future research: https://github.com/Leon022/Edg