DeepIPR: Deep Neural Network Ownership Verification With Passports

Li, Fan; Ng, Kam Woh; Chan, Chee Seng; Yang, Qiang

doi:10.1109/tpami.2021.3088846

Cited by 56 publications

(83 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Machine learning methods that allow ownership verifications of valuable models, especially large deep neural network models, have been successfully demonstrated by either detecting feature-based signatures embedded into models [88,89] , or verifying designated labels for backdoor samples that are injected into the models during the training stage [89,90] .…”

Section: Challengesmentioning

confidence: 99%

Federated Learning with Privacy-preserving and Model IP-right-protection

Yang

Huang²,

Li³

et al. 2023

Mach. Intell. Res.

Self Cite

View full text Add to dashboard Cite

In the past decades, artificial intelligence (AI) has achieved unprecedented success, where statistical models become the central entity in AI. However, the centralized training and inference paradigm for building and using these models is facing more and more privacy and legal challenges. To bridge the gap between data privacy and the need for data fusion, an emerging AI paradigm federated learning (FL) has emerged as an approach for solving data silos and data privacy problems. Based on secure distributed AI, federated learning emphasizes data security throughout the lifecycle, which includes the following steps: data preprocessing, training, evaluation, and deployments. FL keeps data security by using methods, such as secure multi-party computation (MPC), differential privacy, and hardware solutions, to build and use distributed multiple-party machine-learning systems and statistical models over different data sources. Besides data privacy concerns, we argue that the concept of “model” matters, when developing and deploying federated models, they are easy to expose to various kinds of risks including plagiarism, illegal copy, and misuse. To address these issues, we introduce FedIPR, a novel ownership verification scheme, by embedding watermarks into FL models to verify the ownership of FL models and protect model intellectual property rights (IPR or IP-right for short). While security is at the core of FL, there are still many articles referred to distributed machine learning with no security guarantee as “federated learning”, which are not satisfied with the FL definition supposed to be. To this end, in this paper, we reiterate the concept of federated learning and propose secure federated learning (SFL), where the ultimate goal is to build trustworthy and safe AI with strong privacy-preserving and IP-right-preserving. We provide a comprehensive overview of existing works, including threats, attacks, and defenses in each phase of SFL from the lifecycle perspective.

show abstract

Section: Challengesmentioning

confidence: 99%

Federated Learning with Privacy-preserving and Model IP-right-protection

Yang

Huang²,

Li³

et al. 2023

Mach. Intell. Res.

Self Cite

View full text Add to dashboard Cite

show abstract

“…We implement the baseline with a public DNN watermarking toolbox 2 . The second baseline involves the model modification by introducing the sign loss into the target model by injecting a passport layer for watermark verification [12]. Implementation Details.…”

Section: Experimental Settingmentioning

confidence: 99%

“…To conduct a comprehensive robustness evaluation, we explore the robustness of our method against transfer learning which is widely employed in the community [12]. Specifically, the model is pre-trained on the challenging dataset ImageNet.…”

Section: Evaluation On Robustnessmentioning

confidence: 99%

See 1 more Smart Citation

Free Fine-tuning: A Plug-and-Play Watermarking Scheme for Deep Neural Networks

Wang¹,

Ren²,

Li³

et al. 2022

Preprint

View full text Add to dashboard Cite

Watermarking has been widely adopted for protecting the intellectual property (IP) of Deep Neural Networks (DNN) to defend the unauthorized distribution. Unfortunately, the popular datapoisoning DNN watermarking scheme relies on target model finetuning to embed watermarks, which limits its practical applications in tackling real-world tasks. Specifically, the learning of watermarks via tedious model fine-tuning on a poisoned dataset (carefullycrafted sample-label pairs) is not efficient in tackling the tasks on challenging datasets and production-level DNN model protection.To address the aforementioned limitations, in this paper, we propose a plug-and-play watermarking scheme for DNN models by injecting an independent proprietary model into the target model to serve the watermark embedding and ownership verification. In contrast to the prior studies, our proposed method by incorporating a proprietary model is free of target model fine-tuning without involving any parameters update of the target model, thus the fidelity is well preserved. Furthermore, our method is scaleable to challenging datasets, large production-level models, and diverse tasks (e.g., speaker recognition). Experimental results on real-world challenging datasets (e.g., ImageNet) and real-world DNN models demonstrated its effectiveness, fidelity w.r.t. the functionality preserving of the target model, robustness against popular watermark removal attacks (i.e., fine-tuning attack, pruning, input preprocessing), and the plug-and-play deployment. Our proposed watermarking scheme also outperforms the two competitive baselines in terms of fidelity preserving and robustness against watermark removal attacks. Our research findings reveal that model fine-tuning with poisoned data is not prepared for the IP protection of DNN models deployed in real-world tasks and poses a new research direction toward a more thorough understanding and investigation of adopting the proprietary model for DNN watermarking. The source code and models are available at https://github.com/AntigoneRandy/PTYNet. CCS CONCEPTS• Security and privacy → Human and societal aspects of security and privacy; • Computing methodologies → Artificial intelligence.

show abstract

“…Cada organização tem sua própria propriedade intelectual e é um grande desafio para eles proteger seus dados, ou seja, pirataria de software ou injeção de código malicioso etc . Os ataques de ambiguidade visam lançar dúvidas sobre a verificação da propriedade intelectual, e representam sérias ameaças aos métodos de defesa existentes (FAN, 2021).…”

Section: Introductionunclassified

As principais ameaças digitais e suas formas de mitigação no contexto da segurança da propriedade intelectual

Holanda¹,

Bandeira²,

Menezes³

et al. 2022

CONJ

View full text Add to dashboard Cite

Considerando que a violação de dados digitais pode comprometer seriamente a propriedade intelectual organizacional, recursos, tempo e valor do produto, o presente estudo teve por objetivo identificar e analisar quais as principais ameaças digitais e suas formas de mitigação que se apresentam no sentido de garantir Segurança à Propriedade Intelectual (SPI) para os dados armazenados por meio digital. Foi realizada uma revisão Scoping Review, usando critérios do Cochrane Systematic Reviews associados ao PRISMA, na base Scopus e foram identificados 247 registros, usando os descritores digital threats e intellectual property. Por meio dos métodos de seleção e classificação foram analisados 28 artigos, que sinalizam que as principais ameaças para a SPI foram os ataques: Trojan, Brute Force, Engenharia social e Ransomware. As medidas como implementação de certificado e assinatura digital, criptografia de dados, autenticação forte, treinamento de equipe, uso de firewall modernos e bem configurados, uso de antivírus, política de backup e uma política de cibersegurança se mostram eficientes na mitigação dessas ameaças. Segurança digital é necessária e deve ser trabalhada para sua constante atualização.

show abstract

DeepIPR: Deep Neural Network Ownership Verification With Passports

Cited by 56 publications

References 12 publications

Federated Learning with Privacy-preserving and Model IP-right-protection

Federated Learning with Privacy-preserving and Model IP-right-protection

Free Fine-tuning: A Plug-and-Play Watermarking Scheme for Deep Neural Networks

As principais ameaças digitais e suas formas de mitigação no contexto da segurança da propriedade intelectual

Contact Info

Product

Resources

About