ActiveGuard: An Active DNN IP Protection Technique via Adversarial Examples

03/02/2021
by Mingfu Xue, et al.

The training of Deep Neural Networks (DNN) is costly, thus a DNN can be considered the intellectual property (IP) of its model owner. To date, most existing protection works focus on verifying ownership after the DNN model has been stolen, which cannot resist piracy in advance. To this end, we propose an active DNN IP protection method based on adversarial examples against DNN piracy, named ActiveGuard. ActiveGuard aims to achieve authorization control and users' fingerprint management through adversarial examples, and can provide ownership verification. Specifically, ActiveGuard exploits elaborately crafted adversarial examples as users' fingerprints to distinguish authorized users from unauthorized users. Legitimate users can enter fingerprints into the DNN for identity authentication and authorized usage, while unauthorized users will obtain poor model performance due to an additional control layer. In addition, ActiveGuard enables the model owner to embed a watermark into the weights of the DNN. When the DNN is illegally pirated, the model owner can extract the embedded watermark and perform ownership verification. Experimental results show that, for authorized users, the test accuracy of the LeNet-5 and Wide Residual Network (WRN) models is 99.15 unauthorized users, the test accuracy of the two DNNs is only 8.92 and 10 fingerprint authentication with a high success rate (up to 100 verification, the embedded watermark can be successfully extracted, while the normal performance of the DNN model is not affected. Further, ActiveGuard is demonstrated to be robust against fingerprint forgery attack, model fine-tuning attack and pruning attack.
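The two mechanisms the abstract describes, a control layer that only serves full-quality predictions to sessions authenticated with a registered fingerprint input, and a watermark embedded in the weights for ownership verification, can be seen end to end on a toy model. The following is an added illustration, not code from the ActiveGuard paper or its authors: the classifier is a constructed 16-class linear model, fingerprints are constructed inputs that the model maps to a reserved output class (standing in for the paper's adversarial examples), the watermark is a sign-of-random-projection scheme keyed by an owner secret, and a fine-tuning attack is simulated as Gaussian drift on every weight. Names such as `ControlLayer`, `FINGERPRINT_CLASS` and `owner-secret-key` are assumptions made for this example.

```python
import hashlib
import random

N_FEATURES = N_CLASSES = 16
FINGERPRINT_CLASS = N_CLASSES - 1   # assumption: one output class is reserved for fingerprints

def constructed_model():
    """Constructed toy linear classifier W[c][j]: class c responds strongly to feature c."""
    return [[3.0 if j == c else 0.1 * ((c + j) % 3) for j in range(N_FEATURES)]
            for c in range(N_CLASSES)]

def logits(W, x):
    return [sum(w * xi for w, xi in zip(row, x)) for row in W]

def argmax(v):
    return max(range(len(v)), key=lambda i: v[i])

def flatten(W):
    return [w for row in W for w in row]

def unflatten(flat):
    return [flat[c * N_FEATURES:(c + 1) * N_FEATURES] for c in range(N_CLASSES)]

def projection(n_weights, n_bits, key):
    """Owner-secret random projection; the same key is needed to read the mark back."""
    rng = random.Random(key)
    return [[rng.gauss(0.0, 1.0) for _ in range(n_weights)] for _ in range(n_bits)]

def extract_watermark(W, proj):
    """Bit i is the sign of the i-th projection of the flattened weights."""
    flat = flatten(W)
    return [1 if sum(a * b for a, b in zip(row, flat)) > 0 else 0 for row in proj]

def embed_watermark(W, bits, proj, step=0.001, margin=2.0, max_iter=2000):
    """Nudge the weights along each projection until every bit sits past `margin`."""
    flat = flatten(W)
    for _ in range(max_iter):
        settled = True
        for bit, row in zip(bits, proj):
            target = 1.0 if bit else -1.0
            if target * sum(a * b for a, b in zip(row, flat)) < margin:
                settled = False
                for j, r in enumerate(row):
                    flat[j] += step * target * r
        if settled:
            break
    return unflatten(flat)

def text_to_bits(s):
    return [(byte >> k) & 1 for byte in s.encode() for k in range(7, -1, -1)]

def simulate_fine_tuning(W, sigma, seed):
    # Stand-in for a fine-tuning attack: small Gaussian drift on every weight.
    rng = random.Random(seed)
    return [[w + rng.gauss(0.0, sigma) for w in row] for row in W]

class ControlLayer:
    """Serves full-quality predictions only to sessions opened with a registered fingerprint."""
    def __init__(self, W):
        self.W, self.registry = W, {}   # registry: fingerprint digest -> user id

    @staticmethod
    def _digest(x):
        return hashlib.sha256(",".join(f"{v:.6f}" for v in x).encode()).hexdigest()

    def register(self, user, fingerprint):
        if argmax(logits(self.W, fingerprint)) != FINGERPRINT_CLASS:
            raise ValueError("model does not map this input to the reserved class")
        self.registry[self._digest(fingerprint)] = user

    def authenticate(self, x):
        """User id if x is a registered fingerprint the model puts in the reserved class, else None."""
        if argmax(logits(self.W, x)) != FINGERPRINT_CLASS:
            return None
        return self.registry.get(self._digest(x))

    def predict(self, x, user):
        out = logits(self.W, x)
        if user is None:                # unauthenticated session: deliberately degraded output
            out = [-v for v in out]
        return argmax(out)

def constructed_fingerprint(user_seed):
    """Constructed stand-in for an adversarial-example fingerprint: lands in the reserved class."""
    rng = random.Random(user_seed)
    return [(1.0 if j == FINGERPRINT_CLASS else 0.0) + 0.01 * rng.random() for j in range(N_FEATURES)]

def constructed_test_set(n, seed):
    # Constructed inputs for the 15 real classes: a unit template plus small noise.
    rng = random.Random(seed)
    return [([(1.0 if j == i % FINGERPRINT_CLASS else 0.0) + rng.uniform(-0.1, 0.1)
              for j in range(N_FEATURES)], i % FINGERPRINT_CLASS) for i in range(n)]

def accuracy(ctrl, data, user):
    return sum(ctrl.predict(x, user) == c for x, c in data) / len(data)

def demo():
    proj = projection(N_FEATURES * N_CLASSES, 16, key="owner-secret-key")   # constructed key
    bits = text_to_bits("AG")                                               # constructed mark
    W = embed_watermark(constructed_model(), bits, proj)
    ctrl = ControlLayer(W)
    ctrl.register("user-42", constructed_fingerprint("user-42"))
    session = ctrl.authenticate(constructed_fingerprint("user-42"))
    data = constructed_test_set(150, seed=1)
    return {
        "auth_user": session,
        "forged_user": ctrl.authenticate(constructed_fingerprint("someone-else")),
        "acc_authorized": accuracy(ctrl, data, session),
        "acc_unauthorized": accuracy(ctrl, data, None),
        "mark_extracted": extract_watermark(W, proj) == bits,
        "mark_after_finetune": extract_watermark(simulate_fine_tuning(W, 0.02, 7), proj) == bits,
    }
```

Calling `demo()` returns the whole picture at once: the registered fingerprint opens a session, an input that merely lands in the reserved class but was never registered does not, the authenticated session sees full accuracy while the unauthenticated one gets deliberately degraded predictions, and the watermark survives the simulated fine-tuning drift because embedding pushed each projection well past the decision margin. Keying the projection and keeping a digest registry means an observer who captures one user's fingerprint learns nothing that lets them mint a new one.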

