Paper Info
Title
A DNN Fingerprint for Non-Repudiable Model Ownership Identification and Piracy Detection
Abstract
A high-performance Deep Neural Network (DNN) model is a valuable intellectual property (IP) since designing and training such a model from scratch is very costly. Model transfer learning, compression and retraining are commonly used by pirates to evade detection or even redeploy the pirated models for new applications without compromising performance. This paper presents a novel non-intrusive DNN IP fingerprinting method that can detect pirated models and provide a non-repudiable and irrevocable ownership proof simultaneously. The fingerprint is derived from projecting a subset of front-layer weights onto a model owner identity defined random space to enable a distinguisher to differentiate pirated models that are used in the same application or retrained for a different task from originally designed DNN models. The proposed method generates compact and irrevocable fingerprints against model IP misappropriation and ownership fraud. It requires no retraining and makes no modification to the original model. The proposed fingerprinting method is evaluated on nine original DNN models trained on CIFAR-10, CIFAR-100, and ImageNet-10. It is demonstrated to have the highest discriminative power among existing fingerprinting methods in detecting pirated models deployed for the same and different applications, and fraudulent model IP ownership claims.
Year
DOI
Venue
2022
10.1109/TIFS.2022.3198267
IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY
Keywords
DocType
Volume
Feature extraction, Watermarking, Training, Data models, Convolution, Computational modeling, Predictive models, DNN IP protection, fingerprinting, random projection, cross application, ownership
Journal
17
ISSN
Citations 
PageRank 
1556-6013
0
0.34
References 
Authors
0
3
Name
Order
Citations
PageRank
Yue Zheng100.34
Si Wang200.34
Chip-Hong Chang31160123.27