Defending against model extraction attacks via watermark-based method with knowledge distillation
Developing deep neural network (DNN) models often requires significant investment in computational resources, expertise, and vast amount of data. The increasing popularity of Machine Learning as a Service (MLaaS) offers convenient access to these powerful models, but it also raises concerns about In...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Final Year Project |
| Language: | English |
| Published: |
Nanyang Technological University
2024
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/176640 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-176640 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-1766402024-05-24T15:50:35Z Defending against model extraction attacks via watermark-based method with knowledge distillation Zhang, Siting Chang Chip Hong School of Electrical and Electronic Engineering ECHChang@ntu.edu.sg Engineering Developing deep neural network (DNN) models often requires significant investment in computational resources, expertise, and vast amount of data. The increasing popularity of Machine Learning as a Service (MLaaS) offers convenient access to these powerful models, but it also raises concerns about Intellectual Property (IP) protection. Model extraction attacks pose a significant threat, allowing unauthorized parties to steal a model's functionality and potentially exploit it for their own gain. Traditional passive watermarking methods often prove inadequate against determined adversaries. This project presents a novel Intellectual Property Protection (IPP) method for deep neural network (DNN) models. The approach leverages watermarking techniques, a Mixture-of-Experts (MoE) architecture, and knowledge distillation to enhance model security while preserving its core functionality. Authorized users can unlock the full potential of the model by embedding a specific watermark into their input images. Crucially, this solution facilitates robust ownership verification, even in black-box scenarios where model extraction attempts occur. Experimental results demonstrate the effective implementation of this method with minimal impact on the model's primary task. This work contributes to strengthening IP protection within Machine Learning as a Service (MLaaS) environments. Bachelor's degree 2024-05-19T23:34:07Z 2024-05-19T23:34:07Z 2024 Final Year Project (FYP) Zhang, S. (2024). Defending against model extraction attacks via watermark-based method with knowledge distillation. Final Year Project (FYP), Nanyang Technological University, Singapore. https://hdl.handle.net/10356/176640 https://hdl.handle.net/10356/176640 en A2044-231 application/pdf Nanyang Technological University |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
NTU Library |
| collection |
DR-NTU |
| language |
English |
| topic |
Engineering |
| spellingShingle |
Engineering Zhang, Siting Defending against model extraction attacks via watermark-based method with knowledge distillation |
| description |
Developing deep neural network (DNN) models often requires significant investment in computational resources, expertise, and vast amount of data. The increasing popularity of Machine Learning as a Service (MLaaS) offers convenient access to these powerful models, but it also raises concerns about Intellectual Property (IP) protection. Model extraction attacks pose a significant threat, allowing unauthorized parties to steal a model's functionality and potentially exploit it for their own gain. Traditional passive watermarking methods often prove inadequate against determined adversaries.
This project presents a novel Intellectual Property Protection (IPP) method for deep neural network (DNN) models. The approach leverages watermarking techniques, a Mixture-of-Experts (MoE) architecture, and knowledge distillation to enhance model security while preserving its core functionality. Authorized users can unlock the full potential of the model by embedding a specific watermark into their input images. Crucially, this solution facilitates robust ownership verification, even in black-box scenarios where model extraction attempts occur. Experimental results demonstrate the effective implementation of this method with minimal impact on the model's primary task. This work contributes to strengthening IP protection within Machine Learning as a Service (MLaaS) environments. |
| author2 |
Chang Chip Hong |
| author_facet |
Chang Chip Hong Zhang, Siting |
| format |
Final Year Project |
| author |
Zhang, Siting |
| author_sort |
Zhang, Siting |
| title |
Defending against model extraction attacks via watermark-based method with knowledge distillation |
| title_short |
Defending against model extraction attacks via watermark-based method with knowledge distillation |
| title_full |
Defending against model extraction attacks via watermark-based method with knowledge distillation |
| title_fullStr |
Defending against model extraction attacks via watermark-based method with knowledge distillation |
| title_full_unstemmed |
Defending against model extraction attacks via watermark-based method with knowledge distillation |
| title_sort |
defending against model extraction attacks via watermark-based method with knowledge distillation |
| publisher |
Nanyang Technological University |
| publishDate |
2024 |
| url |
https://hdl.handle.net/10356/176640 |
| _version_ |
1800916308622049280 |