A DNN fingerprint for non-repudiable model ownership identification and piracy detection
A high-performance Deep Neural Network (DNN) model is a valuable intellectual property (IP) since designing and training such a model from scratch is very costly. Model transfer learning, compression and retraining are commonly used by pirates to evade detection or even redeploy the pirated models f...
Saved in:
| Main Authors: | , , |
|---|---|
| Other Authors: | |
| Format: | Article |
| Language: | English |
| Published: |
2022
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/162779 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-162779 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-1627792022-11-09T04:57:16Z A DNN fingerprint for non-repudiable model ownership identification and piracy detection Zheng, Yue Wang, Si Chang, Chip Hong School of Electrical and Electronic Engineering Centre for Integrated Circuits and Systems Engineering::Electrical and electronic engineering DNN IP Protection Fingerprinting Random Projection Cross Application Ownership A high-performance Deep Neural Network (DNN) model is a valuable intellectual property (IP) since designing and training such a model from scratch is very costly. Model transfer learning, compression and retraining are commonly used by pirates to evade detection or even redeploy the pirated models for new applications without compromising performance. This paper presents a novel non-intrusive DNN IP fingerprinting method that can detect pirated models and provide a nonrepudiable and irrevocable ownership proof simultaneously. The fingerprint is derived from projecting a subset of front-layer weights onto a model owner identity defined random space to enable a distinguisher to differentiate pirated models that are used in the same application or retrained for a different task from originally designed DNN models. The proposed method generates compact and irrevocable fingerprints against model IP misappropriation and ownership fraud. It requires no retraining and makes no modification to the original model. The proposed fingerprinting method is evaluated on nine original DNN models trained on CIFAR-10, CIFAR-100, and ImageNet-10. It is demonstrated to have the highest discriminative power among existing fingerprinting methods in detecting pirated models deployed for the same and different applications, and fraudulent model IP ownership claims. National Research Foundation (NRF) Submitted/Accepted version This research is supported by the National Research Foundation, Singapore, under its National Cybersecurity R&D Programme/Cyber- Hardware Forensic & Assurance Evaluation R&D Programme (Award: CHFA-GC1-AW01). 2022-11-09T04:57:15Z 2022-11-09T04:57:15Z 2022 Journal Article Zheng, Y., Wang, S. & Chang, C. H. (2022). A DNN fingerprint for non-repudiable model ownership identification and piracy detection. IEEE Transactions On Information Forensics and Security, 17, 2977-2989. https://dx.doi.org/10.1109/TIFS.2022.3198267 1556-6013 https://hdl.handle.net/10356/162779 10.1109/TIFS.2022.3198267 17 2977 2989 en CHFA-GC1-AW01 IEEE Transactions on Information Forensics and Security © 2022 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. The published version is available at: https://doi.org/10.1109/TIFS.2022.3198267. application/pdf |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
NTU Library |
| collection |
DR-NTU |
| language |
English |
| topic |
Engineering::Electrical and electronic engineering DNN IP Protection Fingerprinting Random Projection Cross Application Ownership |
| spellingShingle |
Engineering::Electrical and electronic engineering DNN IP Protection Fingerprinting Random Projection Cross Application Ownership Zheng, Yue Wang, Si Chang, Chip Hong A DNN fingerprint for non-repudiable model ownership identification and piracy detection |
| description |
A high-performance Deep Neural Network (DNN) model is a valuable intellectual property (IP) since designing and training such a model from scratch is very costly. Model transfer learning, compression and retraining are commonly used by pirates to evade detection or even redeploy the pirated models for new applications without compromising performance. This paper presents a novel non-intrusive DNN IP fingerprinting method that can detect pirated models and provide a nonrepudiable and irrevocable ownership proof simultaneously. The fingerprint is derived from projecting a subset of front-layer weights onto a model owner identity defined random space to enable a distinguisher to differentiate pirated models that are used in the same application or retrained for a different task from originally designed DNN models. The proposed method generates compact and irrevocable fingerprints against model IP misappropriation and ownership fraud. It requires no retraining and makes no modification to the original model. The proposed fingerprinting method is evaluated on nine original DNN models trained on CIFAR-10, CIFAR-100, and ImageNet-10. It is demonstrated to have the highest discriminative power among existing fingerprinting methods in detecting pirated models deployed for the same and different applications, and fraudulent model IP ownership claims. |
| author2 |
School of Electrical and Electronic Engineering |
| author_facet |
School of Electrical and Electronic Engineering Zheng, Yue Wang, Si Chang, Chip Hong |
| format |
Article |
| author |
Zheng, Yue Wang, Si Chang, Chip Hong |
| author_sort |
Zheng, Yue |
| title |
A DNN fingerprint for non-repudiable model ownership identification and piracy detection |
| title_short |
A DNN fingerprint for non-repudiable model ownership identification and piracy detection |
| title_full |
A DNN fingerprint for non-repudiable model ownership identification and piracy detection |
| title_fullStr |
A DNN fingerprint for non-repudiable model ownership identification and piracy detection |
| title_full_unstemmed |
A DNN fingerprint for non-repudiable model ownership identification and piracy detection |
| title_sort |
dnn fingerprint for non-repudiable model ownership identification and piracy detection |
| publishDate |
2022 |
| url |
https://hdl.handle.net/10356/162779 |
| _version_ |
1749179162949582848 |