Deep-Lock: Secure Authorization for Deep Neural Networks
- URL: http://arxiv.org/abs/2008.05966v2
- Date: Sun, 18 Feb 2024 18:32:50 GMT
- Title: Deep-Lock: Secure Authorization for Deep Neural Networks
- Authors: Manaar Alam and Sayandeep Saha and Debdeep Mukhopadhyay and Sandip Kundu
- Abstract summary: Deep Neural Network (DNN) models are considered valuable Intellectual Properties (IP) in several business models.
Prevention of IP theft and unauthorized usage of such DNN models has been raised as a significant concern by industry.
We propose a generic and lightweight key-based model-locking scheme, which ensures that a locked model functions correctly only upon applying the correct secret key.
- Score: 9.0579592131111
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Trained Deep Neural Network (DNN) models are considered valuable Intellectual
Properties (IP) in several business models. Prevention of IP theft and
unauthorized usage of such DNN models has been raised as a significant concern
by industry. In this paper, we address the problem of preventing unauthorized
usage of DNN models by proposing a generic and lightweight key-based
model-locking scheme, which ensures that a locked model functions correctly
only upon applying the correct secret key. The proposed scheme, known as
Deep-Lock, utilizes S-Boxes with good security properties to encrypt each
parameter of a trained DNN model with secret keys generated from a master key
via a key scheduling algorithm. The resulting dense network of encrypted
weights is found robust against model fine-tuning attacks. Finally, Deep-Lock
does not require any intervention in the structure and training of the DNN
models, making it applicable to all existing software and hardware
implementations of DNNs.
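An added illustration (not the paper's code) of the locking idea the abstract describes: each quantised weight byte is passed through an S-box under a per-parameter subkey derived from a master key, so only the correct key restores a model that behaves as trained. The AES S-box, 8-bit quantised weights and a SHA-256 counter key schedule are assumptions standing in for choices the abstract does not specify.

```python
# Added illustration of keyed S-box weight locking; the AES S-box and a
# SHA-256 counter schedule stand in for the paper's unspecified choices.
import hashlib

def _gmul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def _rotl8(v: int, n: int) -> int:
    return ((v << n) | (v >> (8 - n))) & 0xFF

def _aes_sbox() -> list[int]:
    """Build the AES S-box: GF(2^8) inverse followed by the affine map."""
    out = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if _gmul(x, y) == 1), 0)
        out.append(inv ^ _rotl8(inv, 1) ^ _rotl8(inv, 2) ^ _rotl8(inv, 3) ^ _rotl8(inv, 4) ^ 0x63)
    return out

SBOX = _aes_sbox()
INV_SBOX = [0] * 256
for _i, _s in enumerate(SBOX):
    INV_SBOX[_s] = _i

def key_schedule(master_key: bytes, n: int) -> list[int]:
    """One 8-bit subkey per parameter, derived from the master key (stand-in scheduler)."""
    return [hashlib.sha256(master_key + i.to_bytes(4, "big")).digest()[0] for i in range(n)]

def lock(weights: list[int], master_key: bytes) -> list[int]:
    """Encrypt each quantised weight byte: c_i = S(w_i XOR k_i)."""
    return [SBOX[w ^ k] for w, k in zip(weights, key_schedule(master_key, len(weights)))]

def unlock(locked: list[int], master_key: bytes) -> list[int]:
    """Decrypt: w_i = S^-1(c_i) XOR k_i. Any other key yields unrelated bytes."""
    return [INV_SBOX[c] ^ k for c, k in zip(locked, key_schedule(master_key, len(locked)))]

def neuron(weights: list[int], x: list[int]) -> int:
    """Dot product with weights read as int8, to compare model behaviour."""
    return sum((w - 256 if w > 127 else w) * xi for w, xi in zip(weights, x))

# Constructed toy layer: four int8 weights stored as unsigned bytes, and a key.
WEIGHTS = [0x05, 0xF3, 0x7F, 0x80]
MASTER = b"constructed-master-key"
LOCKED = lock(WEIGHTS, MASTER)
```

Because the S-box is a bijection and every subkey is one byte, the locked model has exactly the same size and layer structure as the original, which is the "no intervention in structure or training" property the abstract claims.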
Related papers
- DNNShield: Embedding Identifiers for Deep Neural Network Ownership Verification [46.47446944218544]
This paper introduces DNNShield, a novel approach for the protection of Deep Neural Networks (DNNs).
DNNShield embeds unique identifiers within the model architecture using specialized protection layers.
We validate the effectiveness and efficiency of DNNShield through extensive evaluations across three datasets and four model architectures.
arXiv Detail & Related papers (2024-03-11T10:27:36Z)
- Securing Graph Neural Networks in MLaaS: A Comprehensive Realization of Query-based Integrity Verification [68.86863899919358]
We introduce a groundbreaking approach to protect GNN models in Machine Learning from model-centric attacks.
Our approach includes a comprehensive verification schema for GNN integrity, taking into account both transductive and inductive GNNs.
We propose a query-based verification technique, fortified with innovative node fingerprint generation algorithms.
arXiv Detail & Related papers (2023-12-13T03:17:05Z)
- Deep Intellectual Property Protection: A Survey [70.98782484559408]
Deep Neural Networks (DNNs) have made revolutionary progress in recent years, and are widely used in various fields.
The goal of this paper is to provide a comprehensive survey of two mainstream DNN IP protection methods: deep watermarking and deep fingerprinting.
arXiv Detail & Related papers (2023-04-28T03:34:43Z)
- The #DNN-Verification Problem: Counting Unsafe Inputs for Deep Neural Networks [94.63547069706459]
The #DNN-Verification problem involves counting the number of input configurations of a DNN that result in a violation of a safety property.
We propose a novel approach that returns the exact count of violations.
We present experimental results on a set of safety-critical benchmarks.
arXiv Detail & Related papers (2023-01-17T18:32:01Z)
- An Embarrassingly Simple Approach for Intellectual Property Rights Protection on Recurrent Neural Networks [11.580808497808341]
This paper proposes a practical approach for intellectual property protection on recurrent neural networks (RNNs).
We introduce the Gatekeeper concept, which resembles the recurrent nature of the RNN architecture, to embed keys.
Our protection scheme is robust and effective against ambiguity and removal attacks in both white-box and black-box protection settings.
arXiv Detail & Related papers (2022-10-03T07:25:59Z)
- Robust and Lossless Fingerprinting of Deep Neural Networks via Pooled Membership Inference [17.881686153284267]
Deep neural networks (DNNs) have already achieved great success in many application areas and brought profound changes to our society.
How to protect the intellectual property (IP) of DNNs against infringement is one of the most important yet very challenging topics.
This paper proposes a novel technique called pooled membership inference (PMI) to protect the IP of DNN models.
arXiv Detail & Related papers (2022-09-09T04:06:29Z)
- DeepSteal: Advanced Model Extractions Leveraging Efficient Weight Stealing in Memories [26.067920958354]
One of the major threats to the privacy of Deep Neural Networks (DNNs) is model extraction attacks.
Recent studies show that hardware-based side-channel attacks can reveal internal knowledge about DNN models (e.g., model architectures).
We propose an advanced model extraction attack framework, DeepSteal, that effectively steals DNN weights with the aid of a memory side-channel attack.
arXiv Detail & Related papers (2021-11-08T16:55:45Z)
- HufuNet: Embedding the Left Piece as Watermark and Keeping the Right Piece for Ownership Verification in Deep Neural Networks [16.388046449021466]
We propose a novel solution for watermarking deep neural networks (DNNs).
HufuNet is highly robust against model fine-tuning/pruning, kernel cutoff/supplement, functionality-equivalent attacks, and fraudulent ownership claims.
arXiv Detail & Related papers (2021-03-25T06:55:22Z)
- Deep Serial Number: Computational Watermarking for DNN Intellectual Property Protection [53.40245698216239]
DSN (Deep Serial Number) is a watermarking algorithm designed specifically for deep neural networks (DNNs).
Inspired by serial numbers in safeguarding conventional software IP, we propose the first implementation of serial number embedding within DNNs.
arXiv Detail & Related papers (2020-11-17T21:42:40Z)
- DeepHammer: Depleting the Intelligence of Deep Neural Networks through Targeted Chain of Bit Flips [29.34622626909906]
We demonstrate the first hardware-based attack on quantized deep neural networks (DNNs).
DeepHammer is able to successfully tamper with DNN inference behavior at run-time within a few minutes.
Our work highlights the need to incorporate security mechanisms in future deep learning systems.
arXiv Detail & Related papers (2020-03-30T18:51:59Z)
- CryptoSPN: Privacy-preserving Sum-Product Network Inference [84.88362774693914]
We present a framework for privacy-preserving inference of sum-product networks (SPNs).
CryptoSPN achieves highly efficient and accurate inference in the order of seconds for medium-sized SPNs.
arXiv Detail & Related papers (2020-02-03T14:49:18Z)
This list is automatically generated from the titles and abstracts of the papers in this site.