Steganographic Passport: An Owner and User Verifiable Credential for Deep Model IP Protection Without Retraining
- URL: http://arxiv.org/abs/2404.02889v1
- Date: Wed, 3 Apr 2024 17:44:02 GMT
- Title: Steganographic Passport: An Owner and User Verifiable Credential for Deep Model IP Protection Without Retraining
- Authors: Qi Cui, Ruohan Meng, Chaohui Xu, Chip-Hong Chang
- Abstract summary: Current passport-based methods that obfuscate model functionality for license-to-use and ownership verifications suffer from capacity and quality constraints.
We propose Steganographic Passport, which uses an invertible steganographic network to decouple license-to-use from ownership verification.
An irreversible and collision-resistant hash function is used to avoid exposing the owner-side passport from the derived user-side passports.
- Score: 9.617679554145301
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Ensuring the legal usage of deep models is crucial to promoting trustable, accountable, and responsible artificial intelligence innovation. Current passport-based methods that obfuscate model functionality for license-to-use and ownership verifications suffer from capacity and quality constraints, as they require retraining the owner model for new users. They are also vulnerable to advanced Expanded Residual Block ambiguity attacks. We propose Steganographic Passport, which uses an invertible steganographic network to decouple license-to-use from ownership verification by hiding the user's identity images into the owner-side passport and recovering them from their respective user-side passports. An irreversible and collision-resistant hash function is used to avoid exposing the owner-side passport from the derived user-side passports and increase the uniqueness of the model signature. To safeguard both the passport and model's weights against advanced ambiguity attacks, an activation-level obfuscation is proposed for the verification branch of the owner's model. By jointly training the verification and deployment branches, their weights become tightly coupled. The proposed method supports agile licensing of deep models by providing a strong ownership proof and license accountability without requiring a separate model retraining for the admission of every new user. Experiment results show that our Steganographic Passport outperforms other passport-based deep model protection methods in robustness against various known attacks.
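The owner-side / user-side passport split described in the abstract, as an added toy example that is not the paper's code: user-side passports are derived from the owner-side passport with HMAC-SHA256 (an assumed stand-in for the paper's irreversible, collision-resistant hash), and a passport-conditioned affine layer replaces the paper's invertible steganographic network and activation-level obfuscation. The names `LicensedModel`, `issue_license`, the digest registry and the sample feature vector are all constructed for this illustration.

```python
import hashlib
import hmac
import secrets

# Constructed toy example, not the paper's code. Each user-side passport is
# derived from the owner-side passport with a one-way keyed hash (HMAC-SHA256,
# an assumption standing in for the paper's hash), and a passport-conditioned
# affine layer stands in for the invertible steganographic network and the
# activation-level obfuscation of the verification branch.

PASSPORT_BYTES = 32
N_CHANNELS = 8


def new_owner_passport() -> bytes:
    """The owner's secret credential; it never leaves the owner."""
    return secrets.token_bytes(PASSPORT_BYTES)


def derive_user_passport(owner_passport: bytes, user_id: str) -> bytes:
    """One-way derivation: the owner passport is the HMAC key, so a user-side
    passport neither reveals the owner passport nor lets its holder mint a
    passport for another user id."""
    return hmac.new(owner_passport, user_id.encode(), hashlib.sha256).digest()


def passport_to_affine(passport: bytes):
    """Map passport bytes to per-channel (scale, shift) pairs, a toy stand-in
    for passport-derived normalisation parameters."""
    scales = [0.5 + b / 256 for b in passport[:N_CHANNELS]]
    shifts = [b / 256 - 0.5 for b in passport[N_CHANNELS:2 * N_CHANNELS]]
    return scales, shifts


def affine(features, scales, shifts):
    return [s * x + t for x, s, t in zip(features, scales, shifts)]


class LicensedModel:
    def __init__(self, owner_passport: bytes):
        # Deployment branch: parameters fixed at training time from the owner
        # passport, so no passport is needed at inference time.
        self.deploy_scales, self.deploy_shifts = passport_to_affine(owner_passport)
        # Licence registry keeps only digests of user passports (hypothetical).
        self._registry = {}

    def issue_license(self, owner_passport: bytes, user_id: str) -> bytes:
        user_passport = derive_user_passport(owner_passport, user_id)
        self._registry[user_id] = hashlib.sha256(user_passport).digest()
        return user_passport

    def deployment_branch(self, features):
        return affine(features, self.deploy_scales, self.deploy_shifts)

    def verification_branch(self, features, claimed_passport: bytes):
        return affine(features, *passport_to_affine(claimed_passport))

    def verify_owner(self, features, claimed_passport: bytes) -> bool:
        """Ownership holds only if the claimed passport reproduces the
        deployment branch's output; a user-side or forged passport does not."""
        expected = self.deployment_branch(features)
        got = self.verification_branch(features, claimed_passport)
        return all(abs(a - b) < 1e-9 for a, b in zip(expected, got))

    def verify_user(self, user_id: str, presented: bytes) -> bool:
        """License-to-use check against the stored digest, in constant time."""
        digest = self._registry.get(user_id)
        return digest is not None and hmac.compare_digest(
            digest, hashlib.sha256(presented).digest())


def demo():
    owner = new_owner_passport()
    model = LicensedModel(owner)
    alice = model.issue_license(owner, "alice")
    bob = model.issue_license(owner, "bob")
    x = [0.25 * i for i in range(N_CHANNELS)]  # constructed feature vector
    return {
        "owner_proves_ownership": model.verify_owner(x, owner),
        "alice_license_valid": model.verify_user("alice", alice),
        "alice_passport_accepted_as_bob": model.verify_user("bob", alice),
        "user_passport_claims_ownership": model.verify_owner(x, alice),
        "forged_passport_claims_ownership": model.verify_owner(
            x, secrets.token_bytes(PASSPORT_BYTES)),
        "user_passports_distinct": alice != bob,
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The point the toy makes is the separation of the two credentials: a leaked user-side passport still passes that user's license check, but it cannot be replayed under another user id, cannot be used to prove ownership, and, because the derivation is keyed with the owner passport, cannot be inverted to obtain it. The real scheme adds the steganographic recovery of the user's identity image and the obfuscated verification branch, which this example does not model.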
Related papers
- EnTruth: Enhancing the Traceability of Unauthorized Dataset Usage in Text-to-image Diffusion Models with Minimal and Robust Alterations [73.94175015918059]
We introduce a novel approach, EnTruth, which Enhances Traceability of unauthorized dataset usage.
By strategically incorporating the template memorization, EnTruth can trigger the specific behavior in unauthorized models as the evidence of infringement.
Our method is the first to investigate the positive application of memorization and use it for copyright protection, which turns a curse into a blessing.
arXiv Detail & Related papers (2024-06-20T02:02:44Z)
- Who Leaked the Model? Tracking IP Infringers in Accountable Federated Learning [51.26221422507554]
Federated learning (FL) is an effective collaborative learning framework to coordinate data and computation resources from massive and distributed clients in training.
Such collaboration results in non-trivial intellectual property (IP) represented by the model parameters that should be protected and shared by the whole party rather than an individual user.
To block such IP leakage, it is essential to make the IP identifiable in the shared model and locate the anonymous infringer who first leaks it.
We propose Decodable Unique Watermarking (DUW) for complying with the requirements of accountable FL.
arXiv Detail & Related papers (2023-12-06T00:47:55Z)
- FedSOV: Federated Model Secure Ownership Verification with Unforgeable Signature [60.99054146321459]
Federated learning allows multiple parties to collaborate in learning a global model without revealing private data.
We propose a cryptographic signature-based federated learning model ownership verification scheme named FedSOV.
arXiv Detail & Related papers (2023-05-10T12:10:02Z)
- DeepHider: A Multi-module and Invisibility Watermarking Scheme for Language Model [0.0]
This paper proposes a new threat of replacing the model classification module and performing global fine-tuning of the model.
We use the properties of blockchain such as tamper-proof and traceability to prevent the ownership statement of thieves.
Experiments show that the proposed scheme successfully verifies ownership with 100% watermark verification accuracy.
arXiv Detail & Related papers (2022-08-09T11:53:24Z)
- MOVE: Effective and Harmless Ownership Verification via Embedded External Features [109.19238806106426]
We propose an effective and harmless model ownership verification (MOVE) to defend against different types of model stealing simultaneously.
We conduct the ownership verification by verifying whether a suspicious model contains the knowledge of defender-specified external features.
In particular, we develop our MOVE method under both white-box and black-box settings to provide comprehensive model protection.
arXiv Detail & Related papers (2022-08-04T02:22:29Z)
- Resurrecting Trust in Facial Recognition: Mitigating Backdoor Attacks in Face Recognition to Prevent Potential Privacy Breaches [7.436067208838344]
Deep learning is widely utilized for face recognition (FR).
However, such models are vulnerable to backdoor attacks executed by malicious parties.
We propose BA-BAM: Biometric Authentication - Backdoor Attack Mitigation.
arXiv Detail & Related papers (2022-02-18T13:53:55Z)
- FedIPR: Ownership Verification for Federated Deep Neural Network Models [31.459374163080994]
Federated learning models must be protected against plagiarism since these models are built upon valuable training data owned by multiple institutions or people.
This paper illustrates a novel federated deep neural network (FedDNN) ownership verification scheme that allows ownership signatures to be embedded and verified to claim legitimate intellectual property rights (IPR) of FedDNN models.
arXiv Detail & Related papers (2021-09-27T12:51:24Z)
- PASS: Protected Attribute Suppression System for Mitigating Bias in Face Recognition [55.858374644761525]
Face recognition networks encode information about sensitive attributes while being trained for identity classification.
Existing bias mitigation approaches require end-to-end training and are unable to achieve high verification accuracy.
We present a descriptor-based adversarial de-biasing approach called Protected Attribute Suppression System (PASS).
PASS can be trained on top of descriptors obtained from any previously trained high-performing network to classify identities and simultaneously reduce the encoding of sensitive attributes.
arXiv Detail & Related papers (2021-08-09T00:39:22Z)
- Passport-aware Normalization for Deep Model Protection [122.61289882357022]
We propose a new passport-aware normalization formulation for deep learning models.
It only needs to add another passport-aware branch for IP protection.
It is demonstrated to be robust not only to common attack techniques like fine-tuning and model compression, but also to ambiguity attacks.
arXiv Detail & Related papers (2020-10-29T17:57:12Z)
This list is automatically generated from the titles and abstracts of the papers in this site.