A deep learning framework supporting model ownership protection and traitor tracing
Cloud-based deep learning (DL) solutions have been widely used in applications ranging from image recognition to speech recognition. Meanwhile, as commercial software and services, such solutions have raised the need for intellectual property rights protection of the underlying DL models. Watermarki...
Saved in:
| Main Authors: | , , , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2020
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/5914 https://ink.library.smu.edu.sg/context/sis_research/article/6917/viewcontent/DeepLearning_icpads_2020_av.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-6917 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-69172021-05-07T09:24:27Z A deep learning framework supporting model ownership protection and traitor tracing XU, Guowen LI, Hongwei ZHANG, Yuan LIN, Xiaodong DENG, Robert H. SHEN, Xuemin (Sherman) Cloud-based deep learning (DL) solutions have been widely used in applications ranging from image recognition to speech recognition. Meanwhile, as commercial software and services, such solutions have raised the need for intellectual property rights protection of the underlying DL models. Watermarking is the mainstream of existing solutions to address this concern, by primarily embedding pre-defined secrets in a model's training process. However, existing efforts almost exclusively focus on detecting whether a target model is pirated, without considering traitor tracing. In this paper, we present SecureMark_DL, which enables a model owner to embed a unique fingerprint for every customer within parameters of a DL model, extract and verify the fingerprint from a pirated model, and hence trace the rogue customer who illegally distributed his model for profits. We demonstrate that SecureMark_DL is robust against various attacks including fingerprints collusion and network transformation (e.g., model compression and model fine-tuning). Extensive experiments conducted on MNIST and CIFAR10 datasets, as well as various types of deep neural network show the superiority of SecureMark_DL in terms of training accuracy and robustness against various types of attacks. 2020-12-01T08:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/5914 info:doi/10.1109/ICPADS51040.2020.00084 https://ink.library.smu.edu.sg/context/sis_research/article/6917/viewcontent/DeepLearning_icpads_2020_av.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Watermarking Cloud Computing Deep Learning Ownership Protection Traitor Tracing Information Security |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Watermarking Cloud Computing Deep Learning Ownership Protection Traitor Tracing Information Security |
| spellingShingle |
Watermarking Cloud Computing Deep Learning Ownership Protection Traitor Tracing Information Security XU, Guowen LI, Hongwei ZHANG, Yuan LIN, Xiaodong DENG, Robert H. SHEN, Xuemin (Sherman) A deep learning framework supporting model ownership protection and traitor tracing |
| description |
Cloud-based deep learning (DL) solutions have been widely used in applications ranging from image recognition to speech recognition. Meanwhile, as commercial software and services, such solutions have raised the need for intellectual property rights protection of the underlying DL models. Watermarking is the mainstream of existing solutions to address this concern, by primarily embedding pre-defined secrets in a model's training process. However, existing efforts almost exclusively focus on detecting whether a target model is pirated, without considering traitor tracing. In this paper, we present SecureMark_DL, which enables a model owner to embed a unique fingerprint for every customer within parameters of a DL model, extract and verify the fingerprint from a pirated model, and hence trace the rogue customer who illegally distributed his model for profits. We demonstrate that SecureMark_DL is robust against various attacks including fingerprints collusion and network transformation (e.g., model compression and model fine-tuning). Extensive experiments conducted on MNIST and CIFAR10 datasets, as well as various types of deep neural network show the superiority of SecureMark_DL in terms of training accuracy and robustness against various types of attacks. |
| format |
text |
| author |
XU, Guowen LI, Hongwei ZHANG, Yuan LIN, Xiaodong DENG, Robert H. SHEN, Xuemin (Sherman) |
| author_facet |
XU, Guowen LI, Hongwei ZHANG, Yuan LIN, Xiaodong DENG, Robert H. SHEN, Xuemin (Sherman) |
| author_sort |
XU, Guowen |
| title |
A deep learning framework supporting model ownership protection and traitor tracing |
| title_short |
A deep learning framework supporting model ownership protection and traitor tracing |
| title_full |
A deep learning framework supporting model ownership protection and traitor tracing |
| title_fullStr |
A deep learning framework supporting model ownership protection and traitor tracing |
| title_full_unstemmed |
A deep learning framework supporting model ownership protection and traitor tracing |
| title_sort |
deep learning framework supporting model ownership protection and traitor tracing |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2020 |
| url |
https://ink.library.smu.edu.sg/sis_research/5914 https://ink.library.smu.edu.sg/context/sis_research/article/6917/viewcontent/DeepLearning_icpads_2020_av.pdf |
| _version_ |
1770575662142193664 |