Turning your weakness into a strength: Watermarking deep neural networks by backdooring

Yossi Adi, Carsten Baum, Moustapha Cisse, Benny Pinkas, Joseph Keshet

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; peer-reviewed

Abstract

Deep Neural Networks have recently gained lots of success after enabling several breakthroughs in notoriously challenging problems. Training these networks is computationally expensive and requires vast amounts of training data. Selling such pre-trained models can, therefore, be a lucrative business model. Unfortunately, once the models are sold they can be easily copied and redistributed. To avoid this, a tracking mechanism to identify models as the intellectual property of a particular vendor is necessary. In this work, we present an approach for watermarking Deep Neural Networks in a black-box way. Our scheme works for general classification tasks and can easily be combined with current learning algorithms. We show experimentally that such a watermark has no noticeable impact on the primary task that the model is designed for and evaluate the robustness of our proposal against a multitude of practical attacks. Moreover, we provide a theoretical analysis, relating our approach to previous work on backdooring.

Original language: American English
Title of host publication: Proceedings of the 27th USENIX Security Symposium
Pages: 1615-1631
Number of pages: 17
ISBN (electronic): 9781939133045
Publication status: Published - 2018
Event: 27th USENIX Security Symposium - Baltimore, United States
Duration: 15 Aug 2018 to 17 Aug 2018

Publication series

Name: Proceedings of the 27th USENIX Security Symposium

Conference

Conference: 27th USENIX Security Symposium
Country/Territory: United States
City: Baltimore
Period: 15/08/18 to 17/08/18

ASJC Scopus subject areas

  • Computer Networks and Communications (ASJC 1705)
  • Information Systems (ASJC 1710)
  • Safety, Risk, Reliability and Quality (ASJC 2213)
