I Know What You See

Wei, Lingxiao; Luo, Bo; Li, Yu; Liu, Yannan; Xu, Qiang

doi:10.1145/3274694.3274696

Cited by 130 publications

(17 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Li et al [27] combine common data samples with exclusive "logos" and train models to predict them as specific labels so that the ownership of the model can be verified by a third party. Jia et al [28] propose entangled watermark embedding to address watermark removal attacks.…”

Section: Centralized Model Ip Protectionmentioning

confidence: 99%

FedRight: An Effective Model Copyright Protection for Federated Learning

Chen¹,

Li²,

Zheng³

2023

Preprint

View full text Add to dashboard Cite

Federated learning (FL), an effective distributed machine learning framework, implements model training and meanwhile protects local data privacy. It has been applied to a broad variety of practical areas due to their great performance and appreciable profits. Who really owns the model, and how to protect the copyright has become a real problem. Intuitively, the existing property rights protection methods in centralized scenarios (e.g., watermark embedding and model fingerprints) are possible solutions for FL. But they are still challenged by the distributed nature of FL in aspects of the no data sharing, parameter aggregation, and federated training settings. For the first time we formalize the problem of copyright protection for FL, and propose FedRight to protect model copyright based on model fingerprints, i.e., extracting model features by generating adversarial examples as model fingerprints. FedRight outperforms previous works in four key aspects: (i) Validity -it extracts model features to generate transferable fingerprints to train a detector to verify the copyright of the model. (ii) Fidelity -it is with imperceptible impact on the federated training, thus promises good main task performance. (iii) Robustness -it is empirically robust against malicious attack on copyright protection, i.e., fine-tuning, model pruning and adaptive attacks. (iv) Black-box -it is valid in black-box forensic scenario where only application programming interface calls to the model are available. Extensive evaluations across 3 datasets and 9 model structures demonstrate FedRight's superior fidelity, validity and robustness.

show abstract

Section: Centralized Model Ip Protectionmentioning

confidence: 99%

FedRight: An Effective Model Copyright Protection for Federated Learning

Chen¹,

Li²,

Zheng³

2023

Preprint

View full text Add to dashboard Cite

show abstract

“…The secret is transmitted through transiently executed instructions that are destined to be flushed from the pipeline. In most cases, these vulnerabilities rely on timing differences required to access different data values, but other types disclosing gadgets exist [75,50]. As side-channels of this type arise from standard hardware behavior, transient execution vulnerabilities are not only difficult to mitigate, but nearly all current mitigation techniques either introduce a significant amount of overhead or do not protect all vulnerable microarchitectural structures [9].…”

Section: Transient Execution Attacksmentioning

confidence: 99%

SpecCheck: A Tool for Systematic Identification of Vulnerable Transient Execution in gem5

McKevitt,

Trivedi,

Lehman

2023

2023 32nd International Conference on Parallel Architectures and Compilation Techniques (PACT)

View full text Add to dashboard Cite

I would like to acknowledge my research advisor, Tamara Lehman, for being a fantastic mentor and teaching me everything I know about computer architecture and security throughout my past 3 years in the CU Architecture Research Lab . I would also like to thank the members of my committee, Ashutosh Trivedi and Qin Lv, for supporting and helping supervise both my BS and MS theses. I also want to thank my awesome lab mates/friends, Kidus, Jackson, and Phaedra, for making each day in the lab extremely fun and still (mostly) productive, as well as the rest of the Architecture Lab for always being willing to collaborate and help out when needed. Lastly, I want to thoroughly acknowledge my amazing parents, without whom this thesis would not be possible. Thank you to everyone for supporting me through this journey! v Contents Chapter

show abstract

“…Finally, Wei et al [164] proposed to use power side-channel attack on an FPGA-based convolutional neural network accelerator, which can successfully recover the input image using the power traces at the inference stage.…”

Section: Feature Estimation Attackmentioning

confidence: 99%

When Machine Learning Meets Privacy

et al. 2021

View full text Add to dashboard Cite

The newly emerged machine learning (e.g., deep learning) methods have become a strong driving force to revolutionize a wide range of industries, such as smart healthcare, financial technology, and surveillance systems. Meanwhile, privacy has emerged as a big concern in this machine learning-based artificial intelligence era. It is important to note that the problem of privacy preservation in the context of machine learning is quite different from that in traditional data privacy protection, as machine learning can act as both friend and foe. Currently, the work on the preservation of privacy and machine learning are still in an infancy stage, as most existing solutions only focus on privacy problems during the machine learning process. Therefore, a comprehensive study on the privacy preservation problems and machine learning is required. This article surveys the state of the art in privacy issues and solutions for machine learning. The survey covers three categories of interactions between privacy and machine learning: (i) private machine learning, (ii) machine learning-aided privacy protection, and (iii) machine learning-based privacy attack and corresponding protection schemes. The current research progress in each category is reviewed and the key challenges are identified. Finally, based on our in-depth analysis of the area of privacy and machine learning, we point out future research directions in this field.

show abstract

I Know What You See

Cited by 130 publications

References 27 publications

FedRight: An Effective Model Copyright Protection for Federated Learning

FedRight: An Effective Model Copyright Protection for Federated Learning

SpecCheck: A Tool for Systematic Identification of Vulnerable Transient Execution in gem5

When Machine Learning Meets Privacy

Contact Info

Product

Resources

About