Turning your weakness into a strength: Watermarking deep neural networks by backdooring

Yossi Adi, Carsten Baum, Moustapha Cisse, Benny Pinkas, Joseph Keshet

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review


Deep Neural Networks have recently gained lots of success after enabling several breakthroughs in notoriously challenging problems. Training these networks is computationally expensive and requires vast amounts of training data. Selling such pre-trained models can, therefore, be a lucrative business model. Unfortunately, once the models are sold they can be easily copied and redistributed. To avoid this, a tracking mechanism to identify models as the intellectual property of a particular vendor is necessary. In this work, we present an approach for watermarking Deep Neural Networks in a black-box way. Our scheme works for general classification tasks and can easily be combined with current learning algorithms. We show experimentally that such a watermark has no noticeable impact on the primary task that the model is designed for and evaluate the robustness of our proposal against a multitude of practical attacks. Moreover, we provide a theoretical analysis, relating our approach to previous work on backdooring.

Original language: American English
Title of host publication: Proceedings of the 27th USENIX Security Symposium
Number of pages: 17
ISBN (Electronic): 9781939133045
Publication status: Published - 2018
Event: 27th USENIX Security Symposium - Baltimore, United States
Duration: 15 Aug 2018 to 17 Aug 2018

Publication series

Name: Proceedings of the 27th USENIX Security Symposium


Conference: 27th USENIX Security Symposium
Country/Territory: United States

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Information Systems
  • Safety, Risk, Reliability and Quality

