Authority Backdoor: A Certifiable Backdoor Mechanism for Authoring DNNs

• URL: http://arxiv.org/abs/2512.10600v1
• Date: Thu, 11 Dec 2025 12:50:39 GMT
• Title: Authority Backdoor: A Certifiable Backdoor Mechanism for Authoring DNNs
• Authors: Han Yang, Shaofeng Li, Tian Dong, Xiangyu Xu, Guangchi Liu, Zhen Ling,
• Abstract summary: Deep Neural Networks (DNNs) are valuable intellectual property and face unauthorized use.<n>This work proposes a proactive protection scheme, dubbed Authority Backdoor," which embeds access constraints directly into the model.
• Score: 17.259970385555004
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Deep Neural Networks (DNNs), as valuable intellectual property, face unauthorized use. Existing protections, such as digital watermarking, are largely passive; they provide only post-hoc ownership verification and cannot actively prevent the illicit use of a stolen model. This work proposes a proactive protection scheme, dubbed ``Authority Backdoor," which embeds access constraints directly into the model. In particular, the scheme utilizes a backdoor learning framework to intrinsically lock a model's utility, such that it performs normally only in the presence of a specific trigger (e.g., a hardware fingerprint). But in its absence, the DNN's performance degrades to be useless. To further enhance the security of the proposed authority scheme, the certifiable robustness is integrated to prevent an adaptive attacker from removing the implanted backdoor. The resulting framework establishes a secure authority mechanism for DNNs, combining access control with certifiable robustness against adversarial attacks. Extensive experiments on diverse architectures and datasets validate the effectiveness and certifiable robustness of the proposed framework.

Related papers

• CREDIT: Certified Ownership Verification of Deep Neural Networks Against Model Extraction Attacks [54.04030169323115]
  We introduce CREDIT, a certified ownership verification against Model Extraction Attacks (MEAs)<n>We quantify the similarity between DNN models, propose a practical verification threshold, and provide rigorous theoretical guarantees for ownership verification based on this threshold.<n>We extensively evaluate our approach on several mainstream datasets across different domains and tasks, achieving state-of-the-art performance.
  arXiv  Detail & Related papers  (2026-02-23T23:36:25Z)
• Towards Effective, Stealthy, and Persistent Backdoor Attacks Targeting Graph Foundation Models [62.87838888016534]
  Graph Foundation Models (GFMs) are pre-trained on diverse source domains and adapted to unseen targets.<n>Backdoor attacks against GFMs are non-trivial due to three key challenges.<n>We propose GFM-BA, a novel Backdoor Attack model against Graph Foundation Models.
  arXiv  Detail & Related papers  (2025-11-22T08:52:09Z)
• MARS: A Malignity-Aware Backdoor Defense in Federated Learning [51.77354308287098]
  Recently proposed state-of-the-art (SOTA) attack, 3DFed, uses an indicator mechanism to determine whether backdoor models have been accepted by the defender.<n>We propose a Malignity-Aware backdooR defenSe (MARS) that leverages backdoor energy to indicate the malicious extent of each neuron.<n>Experiments demonstrate that MARS can defend against SOTA backdoor attacks and significantly outperforms existing defenses.
  arXiv  Detail & Related papers  (2025-09-21T14:50:02Z)
• REFINE: Inversion-Free Backdoor Defense via Model Reprogramming [60.554146386198376]
  Backdoor attacks on deep neural networks (DNNs) have emerged as a significant security threat.<n>We propose REFINE, an inversion-free backdoor defense method based on model reprogramming.
  arXiv  Detail & Related papers  (2025-02-22T07:29:12Z)
• To Think or Not to Think: Exploring the Unthinking Vulnerability in Large Reasoning Models [56.19026073319406]
  Large Reasoning Models (LRMs) are designed to solve complex tasks by generating explicit reasoning traces before producing final answers.<n>We reveal a critical vulnerability in LRMs -- termed Unthinking -- wherein the thinking process can be bypassed by manipulating special tokens.<n>In this paper, we investigate this vulnerability from both malicious and beneficial perspectives.
  arXiv  Detail & Related papers  (2025-02-16T10:45:56Z)
• AuthNet: Neural Network with Integrated Authentication Logic [19.56843040375779]
  We propose a native authentication mechanism, called AuthNet, which integrates authentication logic as part of the model. AuthNet is compatible with any convolutional neural network, where our evaluations show that AuthNet successfully achieves the goal in rejecting unauthenticated users.
  arXiv  Detail & Related papers  (2024-05-24T10:44:22Z)
• Untargeted Backdoor Attack against Object Detection [69.63097724439886]
  We design a poison-only backdoor attack in an untargeted manner, based on task characteristics. We show that, once the backdoor is embedded into the target model by our attack, it can trick the model to lose detection of any object stamped with our trigger patterns.
  arXiv  Detail & Related papers  (2022-11-02T17:05:45Z)
• RIBAC: Towards Robust and Imperceptible Backdoor Attack against Compact DNN [28.94653593443991]
  Recently backdoor attack has become an emerging threat to the security of deep neural network (DNN) models. In this paper, we propose to study and develop Robust and Imperceptible Backdoor Attack against Compact DNN models (RIBAC)
  arXiv  Detail & Related papers  (2022-08-22T21:27:09Z)
• PCPT and ACPT: Copyright Protection and Traceability Scheme for DNN Models [13.043683635373213]
  Deep neural networks (DNNs) have achieved tremendous success in artificial intelligence (AI) fields. DNN models can be easily illegally copied, redistributed, or abused by criminals.
  arXiv  Detail & Related papers  (2022-06-06T12:12:47Z)
• Black-box Detection of Backdoor Attacks with Limited Information and Data [56.0735480850555]
  We propose a black-box backdoor detection (B3D) method to identify backdoor attacks with only query access to the model. In addition to backdoor detection, we also propose a simple strategy for reliable predictions using the identified backdoored models.
  arXiv  Detail & Related papers  (2021-03-24T12:06:40Z)
• ActiveGuard: An Active DNN IP Protection Technique via Adversarial Examples [10.058070050660104]
  ActiveGuard exploits adversarial examples as users' fingerprints to distinguish authorized users from unauthorized users. For ownership verification, the embedded watermark can be successfully extracted, while the normal performance of the DNN model will not be affected.
  arXiv  Detail & Related papers  (2021-03-02T07:16:20Z)
• Deep-Lock: Secure Authorization for Deep Neural Networks [9.0579592131111]
  Deep Neural Network (DNN) models are considered valuable Intellectual Properties (IP) in several business models. Prevention of IP theft and unauthorized usage of such DNN models has been raised as of significant concern by industry. We propose a generic and lightweight key-based model-locking scheme, which ensures that a locked model functions correctly only upon applying the correct secret key.
  arXiv  Detail & Related papers  (2020-08-13T15:22:49Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.