Robust and Lossless Fingerprinting of Deep Neural Networks via Pooled Membership Inference

by Hanzhou Wu, et al.

Deep neural networks (DNNs) have already achieved great success in many application areas and brought profound changes to our society. However, this also raises new security problems, among which how to protect the intellectual property (IP) of DNNs against infringement is one of the most important yet most challenging topics. To deal with this problem, recent studies focus on the IP protection of DNNs by applying digital watermarking, which embeds source information and/or authentication data into DNN models by tuning network parameters directly or indirectly. However, tuning network parameters inevitably distorts the DNN and therefore impairs the performance of the DNN model on its original task, regardless of the degree of the performance degradation. This has motivated the authors of this paper to propose a novel technique called pooled membership inference (PMI) to protect the IP of DNN models. The proposed PMI neither alters the network parameters of the given DNN model nor fine-tunes the DNN model with a sequence of carefully crafted trigger samples. Instead, it leaves the original DNN model unchanged, but can determine the ownership of the DNN model by inferring which mini-dataset among multiple mini-datasets was once used to train the target DNN model. This differs from prior art and has remarkable potential in practice. Experiments have also demonstrated the superiority and applicability of this work.


Structural Watermarking to Deep Neural Networks via Network Channel Pruning

In order to protect the intellectual property (IP) of deep neural networ...

Verifying Integrity of Deep Ensemble Models by Lossless Black-box Watermarking with Sensitive Samples

With the widespread use of deep neural networks (DNNs) in many areas, mo...

Protect the Intellectual Property of Dataset against Unauthorized Use

Training high performance Deep Neural Networks (DNNs) models require lar...

A survey of deep neural network watermarking techniques

Protecting the Intellectual Property Rights (IPR) associated to Deep Neu...

Robust and Imperceptible Black-box DNN Watermarking Based on Fourier Perturbation Analysis and Frequency Sensitivity Clustering

Recently, more and more attention has been focused on the intellectual p...

On Functional Test Generation for Deep Neural Network IPs

Machine learning systems based on deep neural networks (DNNs) produce st...

Deep Serial Number: Computational Watermarking for DNN Intellectual Property Protection

In this paper, we introduce DSN (Deep Serial Number), a new watermarking...
