SOOM: A Schedule-Search-Based Operator Obfuscation Method Against Model Extraction Attacks
Summary
Researchers created SOOM, a defense method that obfuscates (hides or disguises) deep learning operators to protect against model extraction attacks, in which attackers reverse-engineer compiled neural network code to recreate trainable models. Built on TVM (a deep learning compiler), SOOM uses a machine learning cost model to scramble how operators are implemented while keeping inference fast, achieving an 89% failure rate against extraction attacks with minimal performance slowdown.
Solution / Mitigation
The source proposes SOOM itself as the mitigation: a schedule-search-based operator obfuscation method built on TVM. It constructs an obfuscation space for deep learning operators and uses a security-aware learned cost model, based on XGBoost gradient boosted trees, to generate obfuscated executable code for various deep learning operators while balancing security objectives against performance requirements.
Classification
Affected Vendors
Related Issues
Original source: http://ieeexplore.ieee.org/document/11557392
First tracked: June 18, 2026 at 08:03 PM
Classified by LLM (prompt v3) · confidence: 85%