InFIP: An Explainable DNN Intellectual Property Protection Method based on Intrinsic Features

10/14/2022
by   Mingfu Xue, et al.

Intellectual property (IP) protection for Deep Neural Networks (DNNs) has raised serious concerns in recent years. Most existing works embed watermarks in the DNN model for IP protection, which requires modifying the model and lacks interpretability. In this paper, for the first time, we propose an interpretable intellectual property protection method for DNNs based on explainable artificial intelligence. Compared with existing works, the proposed method does not modify the DNN model, and the ownership verification decision is interpretable. We extract the intrinsic features of the DNN model using Deep Taylor Decomposition. Since the intrinsic feature is composed of the model's unique interpretation of its decisions, it can be regarded as the fingerprint of the model. If the fingerprint of a suspected model is the same as that of the original model, the suspected model is considered a pirated model. Experimental results demonstrate that the fingerprints can be successfully used to verify the ownership of the model and that the test accuracy of the model is not affected. Furthermore, the proposed method is robust to fine-tuning, pruning, watermark overwriting, and adaptive attacks.
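The idea of using a Deep Taylor Decomposition relevance map as a model fingerprint can be sketched on a toy network; this is an added example, not code from the paper. It applies the z+ rule to a small bias-free ReLU network, and the probe set, the concatenated fingerprint, the cosine comparison, the random weights and the 1% weight noise standing in for fine-tuning are all assumptions made for illustration.

```python
import math, random

def forward(W1, W2, x):  # bias-free ReLU net: h = relu(W1 x), scores f = W2 h
    h = [max(0.0, sum(w * xi for w, xi in zip(row, x))) for row in W1]
    f = [sum(w * hj for w, hj in zip(row, h)) for row in W2]
    return h, f

def zplus(weights, acts, rel_out):
    """z+ rule: share each upper unit's relevance by positive parts a_i * w_ij+."""
    rel_in = [0.0] * len(acts)
    for row, r in zip(weights, rel_out):
        z = [a * max(0.0, w) for a, w in zip(acts, row)]
        total = sum(z)
        if total > 0.0 and r != 0.0:
            for i, zi in enumerate(z):
                rel_in[i] += zi / total * r
    return rel_in

def relevance(W1, W2, x, cls):
    """Input relevance map for class `cls` (all zeros if its score is <= 0)."""
    h, f = forward(W1, W2, x)
    top = [max(0.0, f[c]) if c == cls else 0.0 for c in range(len(W2))]
    return zplus(W1, x, zplus(W2, h, top))

def fingerprint(W1, W2, probes):
    """Assumed fingerprint: relevance maps of every class on every probe input."""
    return [r for x in probes for c in range(len(W2)) for r in relevance(W1, W2, x, c)]

def similarity(a, b):  # cosine similarity; 0.0 if either fingerprint is all zero
    na, nb = math.sqrt(sum(v * v for v in a)), math.sqrt(sum(v * v for v in b))
    return sum(p * q for p, q in zip(a, b)) / (na * nb) if na and nb else 0.0

def random_model(seed, n_in=8, n_hid=12, n_cls=10):  # constructed toy weights
    rng = random.Random(seed)
    return ([[rng.gauss(0, 1) for _ in range(n_in)] for _ in range(n_hid)],
            [[rng.gauss(0, 1) for _ in range(n_hid)] for _ in range(n_cls)])

def perturbed(model, seed, scale=0.01):
    """Constructed stand-in for a lightly fine-tuned copy: ~1% weight noise."""
    rng = random.Random(seed)
    return tuple([[w * (1 + scale * rng.gauss(0, 1)) for w in row] for row in m] for m in model)

def demo():
    rng = random.Random(7)
    probes = [[rng.random() for _ in range(8)] for _ in range(16)]  # constructed probes
    owner, other = random_model(1), random_model(2)
    ref = fingerprint(*owner, probes)
    return (similarity(ref, fingerprint(*perturbed(owner, 3), probes)),
            similarity(ref, fingerprint(*other, probes)))

if __name__ == "__main__":
    print("copy vs owner: %.4f, independent vs owner: %.4f" % demo())
```

The relevance assigned to the inputs sums to the explained class score, so the map depends on the weights of every layer rather than on the output label alone.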


