The growth of low-end hardware has led to a proliferation of machine learning-based services in edge applications. These applications gather contextual information about users and provide services, such as personalized offers, through a machine learning (ML) model. A growing practice is to deploy such ML models on the user's device to reduce latency, preserve user privacy, and minimize continuous reliance on a centralized source. However, deploying ML models on the user's edge device can leak proprietary information about the service provider. In this work, we investigate on-device ML models that are used to provide mobile services and demonstrate how simple attacks can leak proprietary information of the service provider. We show that different adversaries can easily exploit such models to maximize their profit and accomplish content theft. Motivated by the need to thwart such attacks, we present an end-to-end framework, SODA, for deploying and serving ML models on edge devices while defending against adversarial usage. Our results demonstrate that SODA can detect adversarial usage with 89% accuracy in fewer than 50 queries, with minimal impact on service performance, latency, and storage.