AID: Attesting the Integrity of Deep Neural Networks
2021
Due to their crucial role in many decision-making tasks, Deep Neural Networks (DNNs) are common targets for a large array of integrity breaches. In this paper, we propose AID, a novel methodology to Attest the Integrity of DNNs. AID generates a set of test cases called edge-points that can reveal whether a model has been compromised. AID does not require access to the parameters of the DNN and can work with restricted black-box access to the model, which makes it applicable to most real-life scenarios. Experimental results show that AID is highly effective and reliable. With at most four edge-points, AID is able to detect eight representative integrity breaches, including backdoor, poisoning, and compression attacks, with zero false positives.