TY - GEN
T1 - DeepTrace
T2 - 20th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2021
AU - Wang, Runhao
AU - Kang, Jiexiang
AU - Yin, Wei
AU - Wang, Hui
AU - Sun, Haiying
AU - Chen, Xiaohong
AU - Gao, Zhongjie
AU - Wang, Shuning
AU - Liu, Jing
N1 - Publisher Copyright: © 2021 IEEE.
PY - 2021
Y1 - 2021
AB - Deep Neural Networks (DNNs) have gained great success in solving several challenging problems in recent years. It is well known that training a DNN model from scratch requires a lot of data and computational resources. However, using a pre-trained model directly, or using it to initialize weights, costs less time and often gets better results. Therefore, well pre-trained DNN models are valuable intellectual property that we should protect. In this work, we propose DeepTrace, a framework for model owners to secretly fingerprint the target DNN model using a special trigger set and to verify it from outputs. An embedded fingerprint can be extracted to uniquely identify the information of the model owner and authorized users. Our framework benefits from both white-box and black-box verification, which makes it useful whether we know the model details or not. We evaluate the performance of DeepTrace on two different datasets, with different DNN architectures. Our experiment shows that, with the advantages of combining white-box and black-box verification, our framework has very little effect on model accuracy and is robust against different model modifications. It also consumes very little computing resources when extracting the fingerprint.
KW - Deep Neural Networks
KW - Digital Fingerprinting
KW - Intellectual Property Protection
UR - https://www.scopus.com/pages/publications/85127389764
U2 - 10.1109/TrustCom53373.2021.00042
DO - 10.1109/TrustCom53373.2021.00042
M3 - Conference contribution
AN - SCOPUS:85127389764
T3 - Proceedings - 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2021
SP - 188
EP - 195
BT - Proceedings - 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2021
A2 - Zhao, Liang
A2 - Kumar, Neeraj
A2 - Hsu, Robert C.
A2 - Zou, Deqing
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 20 October 2021 through 22 October 2021
ER -