Reputation: 3
I'm about to deploy a frozen graph from the TensorFlow object detection API on an open-access platform, and I would like to know if the frozen_graph.pb file, once it is loaded, can give access to all details of the model, for example the:
1) number and type of layers,
2) name of pretrained model
3) train config
4) eval config
5) other related info
If yes, is there any way to protect all this information?
Thank you very much.
Upvotes: 0
Views: 256
Reputation: 909
The pb-file contains all operations in the graph, their structure and the weights. It's not trivial to reverse engineer the original model / graph from it, but definitely doable for anybody who knows the TensorFlow internal ops and how they relate.
There's an obfuscate_names operation in TransformGraph that can somewhat mitigate this: https://github.com/tensorflow/tensorflow/blob/master/tensorflow/tools/graph_transforms/README.md#obfuscate_names
Though it would make reverse engineering harder, it is definitely not a full solution to your problem. Either way, the pb file must contain the operations of your graph to be able to execute them and as such, there is no 100% secure anti-reverse-engineering technique to prevent people from extracting your original architecture.
Upvotes: 1
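A pre-release audit of what a frozen graph exposes, as an added example that is not part of the answer above and is not TensorFlow code. It reads the serialized GraphDef with a small protobuf wire-format parser (GraphDef.node is field 1; NodeDef.name and NodeDef.op are fields 1 and 2) and shows that renaming nodes leaves the op inventory unchanged; the sample graphs and their node names are constructed.

```python
from collections import Counter

def read_varint(buf, pos):
    """Decode a protobuf base-128 varint; return (value, next_pos)."""
    value = shift = 0
    while True:
        byte, pos = buf[pos], pos + 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7

def fields(buf):
    """Yield (field_number, wire_type, value) for one protobuf message."""
    pos = 0
    while pos < len(buf):
        key, pos = read_varint(buf, pos)
        num, wire = key >> 3, key & 7
        if wire == 0:                      # varint
            val, pos = read_varint(buf, pos)
        elif wire in (1, 2, 5):            # fixed64, length-delimited, fixed32
            size, pos = read_varint(buf, pos) if wire == 2 else ({1: 8, 5: 4}[wire], pos)
            val, pos = buf[pos:pos + size], pos + size
        else:
            raise ValueError(f"unsupported wire type {wire}")
        yield num, wire, val

def audit_graph(pb_bytes):
    """Return (node_names, op_counts) readable from a serialized GraphDef."""
    names, ops = [], Counter()
    for num, wire, node in fields(pb_bytes):
        if (num, wire) == (1, 2):                  # GraphDef.node
            for fnum, fwire, val in fields(node):
                if fwire == 2 and fnum == 1:       # NodeDef.name
                    names.append(val.decode())
                elif fwire == 2 and fnum == 2:     # NodeDef.op
                    ops[val.decode()] += 1
    return names, ops

def sample_graph(pairs):
    """Constructed test data: GraphDef bytes holding only (name, op) nodes."""
    ld = lambda n, p: bytes([n << 3 | 2, len(p)]) + p   # payloads under 128 bytes
    return b"".join(ld(1, ld(1, n.encode()) + ld(2, o.encode())) for n, o in pairs)

OPS = ["Placeholder", "Const", "Conv2D", "Identity"]
ORIGINAL = sample_graph(zip(["image_tensor", "FeatureExtractor/Conv2d_0/weights",
                             "FeatureExtractor/Conv2d_0/Conv2D", "detection_boxes"], OPS))
# Constructed: same graph with internal node names shortened, as a renaming pass would leave it.
OBFUSCATED = sample_graph(zip(["image_tensor", "A", "B", "detection_boxes"], OPS))
```

On a real file, pass the bytes of frozen_graph.pb to `audit_graph` and review the returned names and op counts before publishing.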