AdvParams: An Active DNN Intellectual Property Protection Technique via Adversarial Perturbation based Parameter Encryption

Authors

Abstract

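A well-trained DNN model can be regarded as an intellectual property (IP) of the model owner. To date, many DNN IP protection methods have been proposed, but most of them are watermarking-based verification methods where model owners can only verify their ownership passively after the copyright of the DNN models has been infringed. In this paper, we propose an effective framework to actively protect the DNN IP from infringement. Specifically, we encrypt the DNN model's parameters by perturbing them with well-crafted adversarial perturbations. With the encrypted parameters, the accuracy of the DNN model drops significantly, which can prevent malicious infringers from using the model. After the encryption, the positions and the values of the added adversarial perturbations form a secret key. An authorized user can use the secret key to decrypt the model. Compared with the watermarking methods, which only passively verify the ownership after the infringement occurs, the proposed method can prevent infringement in advance. Moreover, compared with most of the existing active DNN IP protection methods, the proposed method does not require an additional training process of the model, which introduces low computational overhead. Experimental results show that, after the encryption, the test accuracy of the model drops by 80.65%, 81.16%, and 87.91% on Fashion-MNIST, CIFAR-10, and GTSRB, respectively. Moreover, the proposed method only needs to encrypt an extremely low number of parameters, and the proportion of the encrypted parameters to all the model's parameters is as low as 0.000205%. The experimental results also indicate that the proposed method is robust against the model fine-tuning attack and the model pruning attack. Moreover, for adaptive attackers who know the detailed steps of the proposed method, the proposed method is also demonstrated to be robust.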


Similar resources

Intellectual Property Protection Via Hierarchical Watermarking

Intellectual property copyrights are protected by means of patents and nondisclosure agreements. In many cases however copyright laws cannot be effectively enforced due to the difficulty of proving or even detecting infringement. This problem is addressed in the paper using a scheme known as watermarking. The method consists of implanting a semi-transparent unique signature in the circuit’s int...


Active Hardware Metering for Intellectual Property Protection and Security

We introduce the first active hardware metering scheme that aims to protect integrated circuits (IC) intellectual property (IP) against piracy and runtime tampering. The novel metering method simultaneously employs inherent unclonable variability in modern manufacturing technology, and functionality preserving alternations of the structural IC specifications. Active metering works by enabling t...


Does Intellectual Property Lead to Intellectual Property Protection?

Researchers studying the differential commitment of countries to intellectual property rights, often appear to run into the claim that countries with a relatively higher and significantly changing technological base (the developed countries) opt for relatively stronger protection, whereas those with a relatively low and essentially unchanging technological base (the developing countries) opt fo...


International Protection of Intellectual Property

We study the incentives that governments have to protect intellectual property in a trading world economy. We consider a world economy with ongoing innovation in two countries that differ in market size and in their capacity for innovation. After describing the determination of national patent policies in a noncooperative regime of patent protection, we ask, “Why is intellectual property better...


Copyright Protection for Intellectual Property

Intellectual property takes several forms, the most important of which are patents, copyrights, and trade rights. Patents protect inventions. One can patent methods and processes, new varieties of plants, and (more weakly) designs. The VSI alliance proposed the usage of the three approaches for proper protection of IP designs. The detection approach directly interacts with the VLSI design, and ...



Journal

Journal title: IEEE Transactions on Emerging Topics in Computing

Year: 2022

ISSN: 2168-6750, 2376-4562

DOI: https://doi.org/10.1109/tetc.2022.3231012