CVPR 2022

Fingerprinting Deep Neural Networks Globally via Universal Adversarial Perturbations

Abstract

In this paper, we propose a novel and practical mechanism that enables a service provider to verify whether a suspect model was stolen from the victim model via model extraction attacks. Our key insight is that the profile of a DNN model's decision boundary can be uniquely characterized by its Universal Adversarial Perturbations (UAPs). UAPs lie in a low-dimensional subspace, and the subspaces of piracy models are more consistent with the victim model's subspace than those of non-piracy models. Based on this, we propose a UAP fingerprinting method for DNN models and train an encoder via contrastive learning that takes fingerprints as input and outputs a similarity score. Extensive studies show that our framework can detect model IP breaches with confidence > 99.99% using only 20 fingerprints of the suspect model. It generalizes well across different model architectures and is robust against post-modifications of stolen models.
