Training DNN Model with Secret Key for Model Protection

April Pyone Maung Maung and Hitoshi Kiya. Training DNN Model with Secret Key for Model Protection. 2020 IEEE 9th Global Conference on Consumer Electronics (GCCE).
In this paper, we propose, for the first time, a model protection method that uses block-wise pixel shuffling with a secret key as a preprocessing step on input images. The protected model is built by training on such preprocessed images. Experimental results show that the performance of the protected model is close to that of a non-protected model when the correct key is given, while accuracy drops severely when an incorrect key is used, and the proposed model protection has enough…
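To make the mechanism concrete, the following is an added example (not the authors' code, and not taken from the paper): one plausible instance of "block-wise pixel shuffling with a secret key". The image is cut into fixed-size blocks and the pixel values inside every block are permuted with one permutation derived from the key. The block size of 4, the use of SHA-256 plus a seeded Fisher-Yates shuffle to turn the key into a permutation, and the reuse of the same permutation for every block are assumptions of this example; the paper may differ in these details. The same transform is what the later segmentation-model protection entry on this page builds on, so one example serves both.

```python
"""Key-based block-wise pixel shuffling (added illustration, not the paper's own code).

Assumptions of this example, not facts from the paper:
  * blocks are block x block pixels with C channels, flattened in (row, col, channel) order
  * the key is hashed with SHA-256 and the digest seeds a PRNG whose Fisher-Yates
    shuffle yields the permutation
  * every block of an image is permuted with the same permutation
"""
import hashlib
import math
import random


def key_to_permutation(key: bytes, length: int) -> list:
    """Derive a fixed permutation of `length` positions from a secret key."""
    seed = int.from_bytes(hashlib.sha256(key).digest(), "big")
    perm = list(range(length))
    random.Random(seed).shuffle(perm)  # deterministic for a given key
    return perm


def invert_permutation(perm: list) -> list:
    """Return inv such that inv[perm[n]] == n for all n."""
    inv = [0] * len(perm)
    for n, p in enumerate(perm):
        inv[p] = n
    return inv


def block_shuffle(image: list, key: bytes, block: int = 4, inverse: bool = False) -> list:
    """Apply (or undo, with inverse=True) keyed block-wise pixel shuffling.

    image is an H x W x C nested list of ints; H and W must be multiples of `block`.
    Each block's block*block*C values are permuted with the key-derived permutation.
    """
    h, w, c = len(image), len(image[0]), len(image[0][0])
    if h % block or w % block:
        raise ValueError("image dimensions must be multiples of the block size")
    perm = key_to_permutation(key, block * block * c)
    if inverse:
        perm = invert_permutation(perm)
    out = [[[0] * c for _ in range(w)] for _ in range(h)]
    for by in range(0, h, block):
        for bx in range(0, w, block):
            # flatten the block in (row, col, channel) order, permute, write back
            flat = [image[by + i][bx + j][k]
                    for i in range(block) for j in range(block) for k in range(c)]
            shuffled = [flat[p] for p in perm]
            idx = 0
            for i in range(block):
                for j in range(block):
                    for k in range(c):
                        out[by + i][bx + j][k] = shuffled[idx]
                        idx += 1
    return out


def key_space_bits(block: int, channels: int) -> float:
    """log2 of the number of distinct permutations of one block, i.e. the key space."""
    return math.log2(math.factorial(block * block * channels))


def pixel_mismatch_fraction(a: list, b: list) -> float:
    """Fraction of (row, col, channel) positions where two images differ."""
    total = diff = 0
    for ra, rb in zip(a, b):
        for pa, pb in zip(ra, rb):
            for va, vb in zip(pa, pb):
                total += 1
                diff += va != vb
    return diff / total


def make_sample_image(h: int = 8, w: int = 8, c: int = 3) -> list:
    """Constructed 8x8 RGB test image (a gradient; every value inside a 4x4 block is distinct)."""
    return [[[(x * 32 + y * 4 + k) % 256 for k in range(c)] for y in range(w)] for x in range(h)]


def demo() -> dict:
    """Correct key round-trips; a wrong key produces a different transformed image."""
    img = make_sample_image()
    enc = block_shuffle(img, b"owner-secret-key")
    return {
        "roundtrip_ok": block_shuffle(enc, b"owner-secret-key", inverse=True) == img,
        "wrong_key_mismatch": pixel_mismatch_fraction(enc, block_shuffle(img, b"wrong-key")),
        "key_space_bits": key_space_bits(4, 3),
    }


if __name__ == "__main__":
    print(demo())
```

With 4x4 blocks and three channels the permutation acts on 48 values, so the key space is 48! (about 203 bits); a model trained only on correctly shuffled inputs receives, under a wrong key, pixels in positions it never saw during training, which is the source of the accuracy drop the abstract reports.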


Transfer Learning-Based Model Protection With Secret Key

In experiments with the ImageNet dataset, it was shown that the performance of a protected model was close to that of a nonprotected model when the correct key was given, while the accuracy tremendously dropped when an incorrect key was used.

A protection method of trained CNN model with a secret key from unauthorized access

A novel method for protecting convolutional neural network models with a secret key set so that unauthorized users without the correct key set cannot access trained models, and there is no overhead during training and inference processes.

A Protection Method of Trained CNN Model Using Feature Maps Transformed With Secret Key From Unauthorized Access

  • Maungmaung Aprilpyone, H. Kiya
  • Computer Science
    2021 Asia-Pacific Signal and Information Processing Association Annual Summit and Conference (APSIPA ASC)
  • 2021
Results show that the proposed model protection method outperformed the previous key-based model protection methods in terms of classification accuracy, key space, and robustness against key estimation attacks and fine-tuning attacks.

Protecting Semantic Segmentation Models by Using Block-wise Image Encryption with Secret Key from Unauthorized Access

This paper proposes, for the first time, to protect semantic segmentation models from unauthorized access by using a block-wise transformation with a secret key, and shows that the proposed protection method allows rightful users with the correct key to use the model to its full capacity while degrading performance for unauthorized users.

Access Control with Encrypted Feature Maps for Object Detection Models

The protected models allowed authorized users to obtain almost the same performance as that of non-protected models, while also being robust against unauthorized access without a key.

Piracy-Resistant DNN Watermarking by Block-Wise Image Transformation with Secret Key

The proposed DNN watermarking method embeds a watermark pattern in a model by using learnable transformed images, allows the ownership of the model to be verified remotely, and is shown to be resilient against fine-tuning and pruning attacks while maintaining a high watermark-detection accuracy.

AdvParams: An Active DNN Intellectual Property Protection Technique via Adversarial Perturbation Based Parameter Encryption

This paper encrypts the DNN model’s parameters by perturbing them with well-crafted adversarial perturbations, which can prevent malicious infringers from using the model and demonstrates the method to be robust against model fine-tuning attack and model pruning attack.

Sample-Specific Backdoor based Active Intellectual Property Protection for Deep Neural Networks

An active IP protection method for DNNs in which a variant of a sample-specific backdoor attack is used to implement active authorization control for DNN models, protecting the intellectual property (IP) of deep neural network models.

Robust Black-box Watermarking for Deep Neural Network using Inverse Document Frequency

  • Mohammad Mehdi Yadollahi, Farzaneh Shoeleh, S. Dadkhah, A. Ghorbani
  • Computer Science
    2021 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech)
  • 2021
This work proposes a framework for watermarking a DNN model designed for textual domain that is robust against well-known attacks such as parameter pruning and brute force attack, and accurately verifies the ownership of all surrogate models without impairing the performance.

Intellectual Property Protection for Deep Learning Models: Taxonomy, Methods, Attacks, and Evaluations

A survey on existing DNN IP protection works in terms of six attributes, especially focusing on the challenges these methods face, whether these methods can provide proactive protection, and their resistances to different levels of attacks.

Pixel-Based Image Encryption Without Key Management for Privacy-Preserving Deep Neural Networks

A novel pixel-based image encryption method that maintains important features of original images and is robust against ciphertext-only attacks (COAs) and data augmentation in the encrypted domain is proposed for privacy-preserving DNNs.

Encryption Inspired Adversarial Defense For Visual Classification

A new adversarial defense, a defensive transform applied to both training and test images and inspired by perceptual image encryption methods, which outperforms state-of-the-art adversarial defenses including latent adversarial training, adversarial training and thermometer encoding.

Privacy-Preserving Deep Neural Networks with Pixel-Based Image Encryption Considering Data Augmentation in the Encrypted Domain

A novel pixel-based image encryption method is first proposed for privacy-preserving DNNs, and it is demonstrated that conventional privacy-preserving machine learning methods cannot be applied to data augmentation in the encrypted domain and that the proposed method outperforms them in terms of classification accuracy.

Visual Decoding of Hidden Watermark in Trained Deep Neural Network

This paper proposes watermarking a trained DNN model to protect its copyright; a notable feature of the watermark detection process is that the embedded pattern can be decoded cumulatively and visually.

Learnable Image Encryption

  • Masayuki Tanaka
  • Computer Science
    2018 IEEE International Conference on Consumer Electronics-Taiwan (ICCE-TW)
  • 2018
A learnable image encryption scheme is introduced to encrypt images so that humans cannot understand them but a network can still be trained on the encrypted images, allowing the network to be trained without privacy issues.

Adversarial frontier stitching for remote neural network watermarking

This paper formally introduces the problem and proposes a novel zero-bit watermarking algorithm that makes use of adversarial model examples, and allows subsequent extraction of the watermark using only few queries.

Protecting Intellectual Property of Deep Neural Networks with Watermarking

By exploiting the intrinsic generalization and memorization capabilities of deep neural networks, models are made to learn specially crafted watermarks during training and to produce pre-specified predictions when they observe the watermark patterns at inference; this paper thereby generalizes the "digital watermarking" concept from multimedia ownership verification to deep neural network (DNN) models.

DeepSigns: A Generic Watermarking Framework for IP Protection of Deep Learning Models

DeepSigns, for the first time, introduces a generic watermarking methodology that can be used for protecting DL owner's IP rights in both white-box and black-box settings, where the adversary may or may not have the knowledge of the model internals.

Encryption-Then-Compression Systems Using Grayscale-Based Image Encryption for JPEG Images

A block scrambling-based encryption scheme is presented to enhance the security of Encryption-then-Compression (EtC) systems with JPEG compression, which allows images to be transmitted securely.

Grayscale-based block scrambling image encryption using YCbCr color space for encryption-then-compression systems

A novel grayscale-based block scrambling image encryption scheme is presented not only to enhance security, but also to improve the compression performance for Encryption-then-Compression