A buyer-traceable DNN model IP protection method against piracy and misappropriation

Recently proposed model functionality and attribute extraction techniques have exacerbated unauthorized low-cost reproduction of deep neural network (DNN) models for similar applications. In particular, intellectual property (IP) theft and unauthorized distribution of DNN models by dishonest buyers are very difficult to trace with existing digital rights management (DRM) frameworks. This paper presents a new buyer-traceable DRM scheme against model piracy and misappropriation. Unlike existing methods that require white-box access to extract the latent information for verification, the proposed method utilizes data poisoning for distributorship embedding and black-box verification. Composite backdoors are installed in the target model during the training process. Each backdoor is created by applying a data augmentation method to some clean images of a selected class. The data-augmented images, carrying a wrong label associated with a buyer, are injected into the training dataset. The ownership and distributorship of a backdoor-trained user model can be validated by querying the suspect model with a set of composite triggers. A positive suspect will output the dirty labels that pinpoint the dishonest buyer, while an innocent model will output the correct labels with high confidence. The tracking accuracy and robustness of the proposed IP protection method are evaluated on the CIFAR-10, CIFAR-100 and GTSRB datasets for different applications. The results show an average of 100% piracy detection rate, 0% false positive rate and 96.81% traitor tracking success rate with negligible model accuracy degradation.

Bibliographic Details
Main Authors: Wang, Si; Xu, Chaohui; Zheng, Yue; Chang, Chip Hong
Other Authors: School of Electrical and Electronic Engineering; VIRTUS, IC Design Centre of Excellence
Format: Conference or Workshop Item
Language: English
Published: 2022
Conference: 2022 IEEE 4th International Conference on Artificial Intelligence Circuits and Systems (AICAS)
Subjects: Engineering::Computer science and engineering::Computing methodologies::Image processing and computer vision; Deep Learning Security; DNN IP Protection; Backdoor
Citation: Wang, S., Xu, C., Zheng, Y. & Chang, C. H. (2022). A buyer-traceable DNN model IP protection method against piracy and misappropriation. 2022 IEEE 4th International Conference on Artificial Intelligence Circuits and Systems (AICAS). https://dx.doi.org/10.1109/AICAS54282.2022.9869923
DOI: 10.1109/AICAS54282.2022.9869923
ISBN: 978-1-6654-0996-4
Online Access: https://hdl.handle.net/10356/159395
Version: Submitted/Accepted version (application/pdf)
Funding: National Research Foundation (NRF). This research is supported by the National Research Foundation, Singapore, under its National Cybersecurity Research & Development Programme/Cyber-Hardware Forensic & Assurance Evaluation R&D Programme (Award: CHFA-GC1-AW01).
Rights: © 2022 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. The published version is available at: https://doi.org/10.1109/AICAS54282.2022.9869923.
Institution: Nanyang Technological University
Collection: DR-NTU (NTU Library), Singapore
Record added: 2022-09-19