Neural networks are a machine learning technique with a wide variety of applications, including processing visual input and categorizing textual data. Neural networks can be structured in a variety of different ways depending on the application and may require large amounts of training time or data to achieve peak, or even tolerable, performance. Configuration choices for neural networks may also make a large difference in the effectiveness of the network. Some organizations may devote large amounts of time and resources to optimizing the configuration of a neural network for performing a certain task. Protecting this neural network data may be as important as protecting other types of trade secrets, such as product formulas or proprietary code.
An attacker who gains access to the matrices that represent the weights of connections between nodes of a neural network may be able to reverse-engineer the neural network to determine what function the neural network performs. The attacker may then use this data to reconstruct a similar neural network or to find a buyer for the neural network information. The instant disclosure, therefore, identifies and addresses a need for systems and methods for protecting neural network weights from interception and copying.