Keep TensorFlow Model Encrypted on Android


Question


I searched to understand if there is a technique to keep a trained tensorflow model (.pb file) safe in an Android app but didn't find anything useful. I am releasing an app containing a tensorflow model which I built on a training set. When I release the app, anyone can access the model and use it for his own app. I wonder if there is a way to protect a tensorflow model that I put in the asset folder of my Android application?


This is the way that I load my model in Android:

// Old TensorFlow Android contrib API: the frozen GraphDef is read straight from the APK assets
TensorFlowInferenceInterface tf = new TensorFlowInferenceInterface();
tf.initializeTensorFlow(context.getAssets(), "file:///android_asset/model.pb");


I was thinking of embedding the model encrypted in the app and decrypting it at runtime, but if someone debugs the app, they can get the password and decrypt it. Moreover, there is just one implementation of the initializeTensorFlow method in the TensorFlowInferenceInterface class, and it only accepts (AssetManager assetManager, String model). It is possible to write one that accepts the encrypted one, but it needs some modification of the TensorFlow C++ library. I wonder if there is a more reliable solution. Any suggestion, please?

Answer


As mentioned in the comments, there is no really safe way to keep your model safe when you run it locally. That being said, you can hide your model and make things a tad more difficult than having a .pb around.


Apart from the name obfuscation provided by freeze_graph, a good solution is to compile the model to a binary using XLA AOT compilation with tfcompile. It generates a binary library containing your model as well as a header file to use it. Somebody who wants to peek at your network would then have to go through compiled code, which is a higher bar to clear than reading a .pb file for most people.
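For readers who still go the route the question proposes (encrypted asset, decrypt at runtime), the following is an added example, not code from the question, the answer or the TensorFlow project. It shows the one concrete improvement that route allows: the decrypted GraphDef is handed to TensorFlow as an in-memory stream, so no plaintext model.pb is ever written to storage, and AES-GCM rejects a tampered asset instead of feeding the runtime garbage. It assumes a TensorFlow Android build whose TensorFlowInferenceInterface has the InputStream constructor (the question's version only had the AssetManager one), an asset named model.pb.enc laid out as [12-byte IV][ciphertext][16-byte GCM tag], and that the caller obtains the key somehow (a string in the APK, a server response); the key source and the encryptForAssets helper are illustrative. None of this changes the answer's conclusion: whoever can attach a debugger or hook the decrypt call gets the key and the plaintext graph, and the tfcompile route avoids shipping a GraphDef at all.

```java
import android.content.Context;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.tensorflow.contrib.android.TensorFlowInferenceInterface;

/**
 * Loads an AES-GCM encrypted GraphDef from the APK assets and passes the plaintext
 * to TensorFlow in memory only. Illustrative code; the asset name and layout are assumptions.
 */
public final class EncryptedModelLoader {
    private static final String ENCRYPTED_ASSET = "model.pb.enc"; // assumed asset name
    private static final int IV_LEN = 12;        // 96-bit nonce, the recommended GCM size
    private static final int TAG_BITS = 128;     // 16-byte authentication tag
    private static final String TRANSFORM = "AES/GCM/NoPadding";

    private EncryptedModelLoader() {}

    /** Decrypts the asset with a 16/24/32-byte AES key and builds the inference interface from it. */
    public static TensorFlowInferenceInterface load(Context context, byte[] key)
            throws IOException, GeneralSecurityException {
        byte[] blob = readAsset(context, ENCRYPTED_ASSET);
        if (blob.length < IV_LEN + TAG_BITS / 8) {
            throw new IOException("encrypted model asset is truncated");
        }
        byte[] iv = Arrays.copyOfRange(blob, 0, IV_LEN);
        Cipher cipher = Cipher.getInstance(TRANSFORM);
        cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"),
                new GCMParameterSpec(TAG_BITS, iv));
        // doFinal verifies the GCM tag: a modified or re-keyed asset throws AEADBadTagException
        // here, so a tampered model never reaches the native runtime.
        byte[] graphDef = cipher.doFinal(blob, IV_LEN, blob.length - IV_LEN);
        try (InputStream in = new ByteArrayInputStream(graphDef)) {
            // Assumes the InputStream constructor; the graph is parsed entirely in memory.
            return new TensorFlowInferenceInterface(in);
        } finally {
            // Best effort only: the parsed graph now lives inside the native runtime,
            // and anyone debugging the process could have read it before this point.
            Arrays.fill(graphDef, (byte) 0);
        }
    }

    /**
     * Build-time helper (run on the developer machine, not on the device) that produces the
     * [IV][ciphertext][tag] blob this loader expects. A fresh random IV per encryption is
     * mandatory for GCM; reusing one with the same key breaks both confidentiality and integrity.
     */
    public static byte[] encryptForAssets(byte[] key, byte[] graphDef)
            throws GeneralSecurityException, IOException {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);
        Cipher cipher = Cipher.getInstance(TRANSFORM);
        cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"),
                new GCMParameterSpec(TAG_BITS, iv));
        byte[] ciphertextAndTag = cipher.doFinal(graphDef);
        ByteArrayOutputStream out = new ByteArrayOutputStream(iv.length + ciphertextAndTag.length);
        out.write(iv);
        out.write(ciphertextAndTag);
        return out.toByteArray();
    }

    private static byte[] readAsset(Context context, String name) throws IOException {
        try (InputStream in = context.getAssets().open(name);
             ByteArrayOutputStream out = new ByteArrayOutputStream()) {
            byte[] buf = new byte[8192];
            int n;
            while ((n = in.read(buf)) != -1) {
                out.write(buf, 0, n);
            }
            return out.toByteArray();
        }
    }
}
```

The value of this over a plain .pb is integrity and the absence of a plaintext file on disk, nothing more: the key has to be reachable by the app, so it is reachable by anyone who can instrument the app, which is exactly the objection raised in the question.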
