If you want to keep your Neural Network architecture secret and still want to use it in an application, would somebody to be able to reverse engineer the Neural Network from the weights file (.h5) only?

如果你想保守你的神经网络架构的秘密，并且仍然想在应用程序中使用它，有人能只从权重文件（.h5）对神经网络进行逆向工程吗？

The weights are an output of model.save_weights() and are loaded back into the model with model.load_weights(). All other application code is properly encrypted in this case.

权重是model.save_weights（）的输出，并通过model.load_weights（）加载回模型。在这种情况下，所有其他应用程序代码都经过了正确的加密。

I would say no.

我会说不。

As an incomplete example: Assume you are given three weight matrices. Even if you are somehow able to guess that they are for simple convolution operations, you would still not know

举个不完整的例子：假设你有三个权重矩阵。即使你能够以某种方式猜测它们是用于简单的卷积运算，你仍然不知道

1. how they are organized in the computational graph. Consider input x, it could be conv(conv(conv(x))), or conv(conv(x)+conv(x)) or many more options


2. Any other settings like stride that drastically changes the output, but are impossible to deduce from your weights


3. probably more reasons

Note:
Why not encrypt your weights file as well? You already seem to have a secret key mechanism to encrypt your model

注意：为什么不加密你的权重文件？您似乎已经有了加密模型的密钥机制