IPGuard: Protecting Intellectual Property of Deep Neural Networks via Fingerprinting the Classification Boundary

@article{Cao2021IPGuardPI,
  title={IPGuard: Protecting Intellectual Property of Deep Neural Networks via Fingerprinting the Classification Boundary},
  author={Xiaoyu Cao and Jinyuan Jia and N. Gong},
  journal={Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security},
  year={2021}
}
  • Xiaoyu Cao, Jinyuan Jia, N. Gong
  • Published 2021
  • Computer Science
  • Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security
A deep neural network (DNN) classifier represents a model owner's intellectual property, as training a DNN classifier often requires lots of resources. Watermarking was recently proposed to protect the intellectual property of DNN classifiers. However, watermarking suffers from a key limitation: it sacrifices the utility/accuracy of the model owner's classifier because it tampers with the classifier's training or fine-tuning process. In this work, we propose IPGuard, the first method to protect…
“Identity Bracelets” for Deep Neural Networks
Deep Neural Network Fingerprinting by Conferrable Adversarial Examples
DNN Intellectual Property Protection: Taxonomy, Methods, Attack Resistance, and Evaluations
ModelDiff: testing-based DNN similarity comparison for model reuse detection
Active DNN IP Protection: A Novel User Fingerprint Management and DNN Authorization Control Technique
Adversarial Watermarking Transformer: Towards Tracing Text Provenance with Data Hiding
