ActiveGuard: An Active DNN IP Protection Technique via Adversarial Examples

by   Mingfu Xue, et al.

The training of Deep Neural Networks (DNN) is costly, thus DNN can be considered as the intellectual properties (IP) of model owners. To date, most of the existing protection works focus on verifying the ownership after the DNN model is stolen, which cannot resist piracy in advance. To this end, we propose an active DNN IP protection method based on adversarial examples against DNN piracy, named ActiveGuard. ActiveGuard aims to achieve authorization control and users' fingerprints management through adversarial examples, and can provide ownership verification. Specifically, ActiveGuard exploits the elaborate adversarial examples as users' fingerprints to distinguish authorized users from unauthorized users. Legitimate users can enter fingerprints into DNN for identity authentication and authorized usage, while unauthorized users will obtain poor model performance due to an additional control layer. In addition, ActiveGuard enables the model owner to embed a watermark into the weights of DNN. When the DNN is illegally pirated, the model owner can extract the embedded watermark and perform ownership verification. Experimental results show that, for authorized users, the test accuracy of LeNet-5 and Wide Residual Network (WRN) models are 99.15 unauthorized users, the test accuracy of the two DNNs are only 8.92 and 10 fingerprint authentication with a high success rate (up to 100 verification, the embedded watermark can be successfully extracted, while the normal performance of the DNN model will not be affected. Further, ActiveGuard is demonstrated to be robust against fingerprint forgery attack, model fine-tuning attack and pruning attack.



There are no comments yet.


page 1

page 5

page 10


Protecting the Intellectual Properties of Deep Neural Networks with an Additional Class and Steganographic Images

Recently, the research on protecting the intellectual properties (IP) of...

DNN Intellectual Property Protection: Taxonomy, Methods, Attack Resistance, and Evaluations

The training and creation of deep learning model is usually costly, thus...

AdvParams: An Active DNN Intellectual Property Protection Technique via Adversarial Perturbation Based Parameter Encryption

A well-trained DNN model can be regarded as an intellectual property (IP...

Deep Serial Number: Computational Watermarking for DNN Intellectual Property Protection

In this paper, we introduce DSN (Deep Serial Number), a new watermarking...

Deep-Lock: Secure Authorization for Deep Neural Networks

Trained Deep Neural Network (DNN) models are considered valuable Intelle...

Exploring Structure Consistency for Deep Model Watermarking

The intellectual property (IP) of Deep neural networks (DNNs) can be eas...

Fingerprinting Multi-exit Deep Neural Network Models via Inference Time

Transforming large deep neural network (DNN) models into the multi-exit ...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.