TY - GEN
T1 - DNN Intellectual Property Protection
T2 - 31st Great Lakes Symposium on VLSI, GLSVLSI 2021
AU - Xue, Mingfu
AU - Wang, Jian
AU - Liu, Weiqiang
N1 - Publisher Copyright:
© 2021 ACM.
PY - 2021/6/22
Y1 - 2021/6/22
N2 - Since the training of deep neural network (DNN) models requires massive training data, time and expensive hardware resources, the trained DNN model is oftentimes regarded as an intellectual property (IP). Recent research shows that DNNs are vulnerable to illegal copy, redistribution and abuse. In order to protect DNNs from infringement, a number of DNN IP protection solutions have been proposed in recent years. This paper presents a survey on DNN IP protection methods. First, we propose the first taxonomy for DNN IP protection methods in terms of six attributes: scenario, mechanism, capacity, type, function, and target models. Then, we summarize the existing DNN IP protection works with a focus on the challenges they face as well as their ability to provide proactive protection and resist different levels of attacks. After that, the potential attacks on existing methods from the aspects of model modifications, evasion attacks, and active attacks are analyzed, and a systematic evaluation method for DNN IP protection methods with respect to basic functional metrics, attack-resistance metrics, and customized metrics for different application scenarios is given. Finally, future research opportunities and challenges on DNN IP protection are prospected.
KW - attack resistance
KW - deep neural networks
KW - intellectual property protection
KW - machine learning security
KW - proactive protection
UR - https://www.scopus.com/pages/publications/85109217001
U2 - 10.1145/3453688.3461752
DO - 10.1145/3453688.3461752
M3 - Conference contribution
AN - SCOPUS:85109217001
T3 - Proceedings of the ACM Great Lakes Symposium on VLSI, GLSVLSI
SP - 455
EP - 460
BT - GLSVLSI 2021 - Proceedings of the 2021 Great Lakes Symposium on VLSI
PB - Association for Computing Machinery
Y2 - 22 June 2021 through 25 June 2021
ER -