GanFinger: GAN-Based Fingerprint Generation for Deep Neural Network
Ownership Verification
- URL: http://arxiv.org/abs/2312.15617v1
- Date: Mon, 25 Dec 2023 05:35:57 GMT
- Title: GanFinger: GAN-Based Fingerprint Generation for Deep Neural Network
Ownership Verification
- Authors: Huali Ren, Anli Yan, Xiaojun Ren, Pei-Gen Ye, Chong-zhi Gao, Zhili
Zhou, Jin Li
- Abstract summary: We propose a network fingerprinting approach, named as GanFinger, to construct the network fingerprints based on the network behavior.
GanFinger significantly outperforms the state-of-the-arts in efficiency, stealthiness, and discriminability.
It achieves a remarkable 6.57 times faster in fingerprint generation and boosts the ARUC value by 0.175, resulting in a relative improvement of about 26%.
- Score: 8.00359513511764
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Deep neural networks (DNNs) are extensively employed in a wide range of
application scenarios. Generally, training a commercially viable neural network
requires significant amounts of data and computing resources, and it is easy
for unauthorized users to use the networks illegally. Therefore, network
ownership verification has become one of the most crucial steps in safeguarding
digital assets. To verify the ownership of networks, the existing network
fingerprinting approaches perform poorly in the aspects of efficiency,
stealthiness, and discriminability. To address these issues, we propose a
network fingerprinting approach, named as GanFinger, to construct the network
fingerprints based on the network behavior, which is characterized by network
outputs of pairs of original examples and conferrable adversarial examples.
Specifically, GanFinger leverages Generative Adversarial Networks (GANs) to
effectively generate conferrable adversarial examples with imperceptible
perturbations. These examples can exhibit identical outputs on copyrighted and
pirated networks while producing different results on irrelevant networks.
Moreover, to enhance the accuracy of fingerprint ownership verification, the
network similarity is computed based on the accuracy-robustness distance of
fingerprint examples'outputs. To evaluate the performance of GanFinger, we
construct a comprehensive benchmark consisting of 186 networks with five
network structures and four popular network post-processing techniques. The
benchmark experiments demonstrate that GanFinger significantly outperforms the
state-of-the-arts in efficiency, stealthiness, and discriminability. It
achieves a remarkable 6.57 times faster in fingerprint generation and boosts
the ARUC value by 0.175, resulting in a relative improvement of about 26%.
Related papers
- Locality Sensitive Hashing for Network Traffic Fingerprinting [5.062312533373298]
We use locality-sensitive hashing (LSH) for network traffic fingerprinting.
Our method increases the accuracy of state-of-the-art by 12% achieving around 94% accuracy in identifying devices in a network.
arXiv Detail & Related papers (2024-02-12T21:14:37Z) - AFR-Net: Attention-Driven Fingerprint Recognition Network [47.87570819350573]
We improve initial studies on the use of vision transformers (ViT) for biometric recognition, including fingerprint recognition.
We propose a realignment strategy using local embeddings extracted from intermediate feature maps within the networks to refine the global embeddings in low certainty situations.
This strategy can be applied as a wrapper to any existing deep learning network (including attention-based, CNN-based, or both) to boost its performance.
arXiv Detail & Related papers (2022-11-25T05:10:39Z) - Vehicle: Interfacing Neural Network Verifiers with Interactive Theorem
Provers [1.5749416770494706]
Vehicle is equipped with an expressive domain specific language for stating neural network specifications.
It overcomes previous issues with maintainability and scalability in similar ITP formalisations.
We demonstrate its utility by using it to connect the neural network verifier Marabou to Agda and then formally verifying that a car steered by a neural network never leaves the road.
arXiv Detail & Related papers (2022-02-10T18:09:23Z) - Relational Graph Neural Networks for Fraud Detection in a Super-App
environment [53.561797148529664]
We propose a framework of relational graph convolutional networks methods for fraudulent behaviour prevention in the financial services of a Super-App.
We use an interpretability algorithm for graph neural networks to determine the most important relations to the classification task of the users.
Our results show that there is an added value when considering models that take advantage of the alternative data of the Super-App and the interactions found in their high connectivity.
arXiv Detail & Related papers (2021-07-29T00:02:06Z) - A Probabilistic Approach to Neural Network Pruning [20.001091112545065]
We theoretically study the performance of two pruning techniques (random and magnitude-based) on FCNs and CNNs.
The results establish that there exist pruned networks with expressive power within any specified bound from the target network.
arXiv Detail & Related papers (2021-05-20T23:19:43Z) - Benchmarking Quantized Neural Networks on FPGAs with FINN [0.42439262432068253]
Using lower precision comes at the cost of negligible loss in accuracy.
This article aims to assess the impact of mixed-precision when applied to neural networks deployed on FPGAs.
arXiv Detail & Related papers (2021-02-02T06:42:07Z) - Enabling certification of verification-agnostic networks via
memory-efficient semidefinite programming [97.40955121478716]
We propose a first-order dual SDP algorithm that requires memory only linear in the total number of network activations.
We significantly improve L-inf verified robust accuracy from 1% to 88% and 6% to 40% respectively.
We also demonstrate tight verification of a quadratic stability specification for the decoder of a variational autoencoder.
arXiv Detail & Related papers (2020-10-22T12:32:29Z) - Network Adjustment: Channel Search Guided by FLOPs Utilization Ratio [101.84651388520584]
This paper presents a new framework named network adjustment, which considers network accuracy as a function of FLOPs.
Experiments on standard image classification datasets and a wide range of base networks demonstrate the effectiveness of our approach.
arXiv Detail & Related papers (2020-04-06T15:51:00Z) - Resolution Adaptive Networks for Efficient Inference [53.04907454606711]
We propose a novel Resolution Adaptive Network (RANet), which is inspired by the intuition that low-resolution representations are sufficient for classifying "easy" inputs.
In RANet, the input images are first routed to a lightweight sub-network that efficiently extracts low-resolution representations.
High-resolution paths in the network maintain the capability to recognize the "hard" samples.
arXiv Detail & Related papers (2020-03-16T16:54:36Z) - ReActNet: Towards Precise Binary Neural Network with Generalized
Activation Functions [76.05981545084738]
We propose several ideas for enhancing a binary network to close its accuracy gap from real-valued networks without incurring any additional computational cost.
We first construct a baseline network by modifying and binarizing a compact real-valued network with parameter-free shortcuts.
We show that the proposed ReActNet outperforms all the state-of-the-arts by a large margin.
arXiv Detail & Related papers (2020-03-07T02:12:02Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.