Protecting neural networks from adversarial attacks

Bibliographic Details
Main Author: Lim, Xin Yi
Other Authors: Anupam Chattopadhyay
Format: Final Year Project
Language: English
Published: Nanyang Technological University 2024
Subjects:
Online Access:https://hdl.handle.net/10356/175191
Institution: Nanyang Technological University
Description
Summary: Deep learning has become very popular in recent years and, naturally, there are rising concerns about protecting the Intellectual Property (IP) rights of these models. Building and training deep learning models, such as Convolutional Neural Networks (CNNs), requires in-depth technical expertise, computational resources, large amounts of data, and time. Hence the motivation to prevent the theft of such valuable models. There exist two robust frameworks to do so, namely watermarking and locking. Watermarking allows validation of the original ownership of a model, whereas locking aims to encrypt the model such that only authorized access can produce accurate results. This report presents a workflow applying both watermarking and locking techniques to various image classification models and shows how the two techniques can work hand in hand without compromising the model's performance.