Safe Distillation Box
- URL: http://arxiv.org/abs/2112.03695v1
- Date: Sun, 5 Dec 2021 05:01:55 GMT
- Title: Safe Distillation Box
- Authors: Jingwen Ye, Yining Mao, Jie Song, Xinchao Wang, Cheng Jin, Mingli Song
- Abstract summary: We propose a novel framework, termed Safe Distillation Box (SDB), that allows us to wrap a pre-trained model in a virtual box for intellectual property protection.
SDB preserves the inference capability of the wrapped model for all users, but precludes KD by unauthorized users.
For authorized users, on the other hand, SDB carries out a knowledge augmentation scheme that strengthens KD performance and improves the resulting student model.
- Score: 62.32105311993915
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Knowledge distillation (KD) has recently emerged as a powerful strategy to
transfer knowledge from a pre-trained teacher model to a lightweight student,
and has demonstrated its unprecedented success over a wide spectrum of
applications. In spite of the encouraging results, the KD process per se poses
a potential threat to network ownership protection, since the knowledge
contained in the network can be effortlessly distilled and hence exposed to a
malicious user. In this paper, we propose a novel framework, termed Safe
Distillation Box (SDB), that allows us to wrap a pre-trained model in a virtual
box for intellectual property protection. Specifically, SDB preserves the
inference capability of the wrapped model for all users, but precludes KD by
unauthorized users. For authorized users, on the other hand, SDB carries out a
knowledge augmentation scheme to strengthen KD performance and the results
of the student model. In other words, all users may employ a model in SDB for
inference, but only authorized users get access to KD from the model. The
proposed SDB imposes no constraints over the model architecture, and may
readily serve as a plug-and-play solution to protect the ownership of a
pre-trained network. Experiments across various datasets and architectures
demonstrate that, with SDB, the performance of unauthorized KD drops
significantly while that of authorized KD is enhanced, confirming the
effectiveness of SDB.
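The abstract describes SDB only at the interface level (inference for everyone, distillable soft knowledge only for authorized users) and does not disclose the underlying mechanism. Below is a minimal, hypothetical PyTorch sketch of that interface; the key check, the class name SafeDistillationBoxSketch, and the argmax-preserving output collapse used to frustrate KD are illustrative assumptions, not the paper's actual construction.
```python
import torch
import torch.nn as nn
import torch.nn.functional as F
from typing import Optional


class SafeDistillationBoxSketch(nn.Module):
    """Hypothetical wrapper: informative soft outputs for authorized users,
    argmax-preserving but distillation-poor outputs for everyone else.
    The output collapse below is an illustrative placeholder, not the
    mechanism proposed in the SDB paper."""

    def __init__(self, model: nn.Module, secret_key: str):
        super().__init__()
        self.model = model
        self._secret_key = secret_key

    def forward(self, x: torch.Tensor, key: Optional[str] = None) -> torch.Tensor:
        logits = self.model(x)
        if key == self._secret_key:
            # Authorized: expose the teacher's informative soft predictions.
            return F.log_softmax(logits, dim=-1)
        # Unauthorized: keep the predicted class (inference is unaffected)
        # but collapse the distribution so soft-label KD has little to imitate.
        num_classes = logits.size(-1)
        hard = F.one_hot(logits.argmax(dim=-1), num_classes).float()
        return torch.log(hard * (1.0 - 1e-6) + 1e-6 / num_classes)


# Usage sketch: an unauthorized distiller sees near-one-hot outputs, so the
# usual soft-label KD loss degenerates to hard-label training.
# teacher = SafeDistillationBoxSketch(pretrained_net, secret_key="...")
# unauth_targets = teacher(images)            # collapsed, KD-resistant
# auth_targets = teacher(images, key="...")   # informative soft labels
```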
Related papers
- Speculative Knowledge Distillation: Bridging the Teacher-Student Gap Through Interleaved Sampling [81.00825302340984]
We introduce Speculative Knowledge Distillation (SKD) to generate high-quality training data on the fly.
In SKD, the student proposes tokens, and the teacher replaces poorly ranked ones based on its own distribution.
We evaluate SKD on various text generation tasks, including translation, summarization, math, and instruction following.
arXiv Detail & Related papers (2024-10-15T06:51:25Z)
- Robust Knowledge Distillation Based on Feature Variance Against Backdoored Teacher Model [13.367731896112861]
Knowledge distillation (KD) is a widely used compression technique for edge deployment.
This paper proposes RobustKD, a robust KD method that compresses the model while mitigating backdoors based on feature variance.
arXiv Detail & Related papers (2024-06-01T11:25:03Z)
- Revisiting Data-Free Knowledge Distillation with Poisoned Teachers [47.513721590643435]
Data-free knowledge distillation (KD) helps transfer knowledge from a pre-trained model to a smaller model (known as the student model) without access to the original training data used for training the teacher model.
However, the security of the synthetic or out-of-distribution (OOD) data required in data-free KD is largely unknown and under-explored.
We propose Anti-Backdoor Data-Free KD, the first plug-in defense for data-free KD methods to mitigate the risk of potential backdoors being transferred.
arXiv Detail & Related papers (2023-06-04T14:27:50Z)
- DisCo: Effective Knowledge Distillation For Contrastive Learning of Sentence Embeddings [36.37939188680754]
We propose an enhanced knowledge distillation framework termed Distill-Contrast (DisCo).
DisCo transfers the capability of a large sentence embedding model to a small student model on large unlabelled data.
We also propose Contrastive Knowledge Distillation (CKD) to enhance the consistency among teacher model training, KD, and student model fine-tuning.
arXiv Detail & Related papers (2021-12-10T16:11:23Z)
- How and When Adversarial Robustness Transfers in Knowledge Distillation? [137.11016173468457]
This paper studies how and when adversarial robustness can be transferred from a teacher model to a student model in knowledge distillation (KD).
We show that standard KD training fails to preserve adversarial robustness, and we propose KD with input gradient alignment (KDIGA) as a remedy.
Under certain assumptions, we prove that the student model using our proposed KDIGA can achieve at least the same certified robustness as the teacher model.
arXiv Detail & Related papers (2021-10-22T21:30:53Z)
- Undistillable: Making A Nasty Teacher That CANNOT teach students [84.6111281091602]
This paper introduces and investigates a concept called Nasty Teacher: a specially trained teacher network that yields nearly the same performance as a normal one, yet significantly degrades the performance of any student trained to imitate it.
We propose a simple yet effective algorithm to build the nasty teacher, called self-undermining knowledge distillation; a hedged sketch of such an objective appears after this list.
arXiv Detail & Related papers (2021-05-16T08:41:30Z)
- KDExplainer: A Task-oriented Attention Model for Explaining Knowledge Distillation [59.061835562314066]
We introduce a novel task-oriented attention model, termed KDExplainer, to shed light on the working mechanism underlying vanilla KD.
We also introduce a portable tool, dubbed the virtual attention module (VAM), that can be seamlessly integrated with various deep neural networks (DNNs) to enhance their performance under KD.
arXiv Detail & Related papers (2021-05-10T08:15:26Z)
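The self-undermining knowledge distillation idea in the Nasty Teacher entry above is, like SDB, a defense against unwanted distillation. Based only on the one-line summary, the following is a hedged PyTorch sketch of what such an objective might look like: keep the network accurate on the true labels while pushing its softened outputs away from those of a normally trained reference network. The temperature, the weight omega, and the reference-network formulation are assumptions, not the paper's exact recipe.
```python
import torch
import torch.nn.functional as F


def self_undermining_loss_sketch(nasty_logits: torch.Tensor,
                                 reference_logits: torch.Tensor,
                                 labels: torch.Tensor,
                                 tau: float = 4.0,
                                 omega: float = 0.1) -> torch.Tensor:
    """Hedged sketch of a 'self-undermining' objective: stay accurate on the
    labels while diverging from a normally trained reference network's soft
    predictions, so a student imitating the output distribution is misled."""
    # Standard supervised term keeps the teacher's own accuracy intact.
    ce = F.cross_entropy(nasty_logits, labels)
    # Divergence term: *maximize* temperature-scaled KL to the reference's
    # soft predictions, hence the negative sign in the minimized loss.
    kl = F.kl_div(F.log_softmax(nasty_logits / tau, dim=-1),
                  F.softmax(reference_logits.detach() / tau, dim=-1),
                  reduction="batchmean") * tau * tau
    return ce - omega * kl
```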
This list is automatically generated from the titles and abstracts of the papers on this site.