中文

LymphNode: A Plug-and-Play Access Control Method for Deep Neural Networks

密码学与安全 2026-05-18 v1

摘要

Deep Neural Networks (DNNs) are high-value intellectual property (IP), yet deploying them to edge environments exposes them to \textbf{unrestricted oracle access}, rendering them vulnerable to model extraction and inversion attacks. Existing defenses fail to address this practically: passive watermarking only offers post-hoc provenance, while active defenses impose prohibitive latency or require persistent access to sensitive training data. To bridge this gap, we propose \textit{LymphNode}, a novel post-hoc defense framework that acts as an intrinsic ``immune system" within the model. \textit{LymphNode} enforces a strict ``default-deny'' policy: it actively neutralizes model utility for unauthorized queries via \textbf{Generalized Sparse Universal Adversarial Perturbations (GSUAP)} injected into the feature space, effectively blocking gradient estimation and data inference. Utility is selectively restored only for authorized inputs carrying a stealthy feature-domain credential. Our framework is highly practical: it is \textbf{data-efficient}, establishing robust protection with fewer than 100 samples (<1%<1\% of training data), and \textbf{cross-dataset adaptable}, enabling protection using public surrogate datasets. \textit{LymphNode} thus provides a lightweight, immediately deployable defense for high-stakes scenarios where original training data is restricted or unavailable.

关键词

引用

@article{arxiv.2605.16227,
  title  = {LymphNode: A Plug-and-Play Access Control Method for Deep Neural Networks},
  author = {Hanyu Pei and Shang Liu and Zeyan Liu},
  journal= {arXiv preprint arXiv:2605.16227},
  year   = {2026}
}

备注

Accepted by the 56th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2026). Author accepted manuscript. 14 pages, 6 figures