Paper 2018/322

DeepMarks: A Digital Fingerprinting Framework for Deep Neural Networks

Huili Chen, Bita Darvish Rohani, and Farinaz Koushanfar

Abstract

This paper proposes DeepMarks, a novel end-to-end framework for systematic fingerprinting in the context of Deep Learning (DL). Remarkable progress has been made in the area of deep learning. Sharing the trained DL models has become a trend that is ubiquitous in various fields ranging from biomedical diagnosis to stock prediction. As the availability and popularity of pre-trained models are increasing, it is critical to protect the Intellectual Property (IP) of the model owner. DeepMarks introduces the first fingerprinting methodology that enables the model owner to embed unique fingerprints within the parameters (weights) of her model and later identify undesired usages of her distributed models. The proposed framework embeds the fingerprints in the Probability Density Function (pdf) of trainable weights by leveraging the extra capacity available in contemporary DL models. DeepMarks is robust against fingerprints collusion as well as network transformation attacks, including model compression and model fine-tuning. Extensive proof-ofconcept evaluations on MNIST and CIFAR10 datasets, as well as a wide variety of deep neural networks architectures such as Convolutional Neural Networks (CNNs) and Wide Residual Networks (WRNs), corroborate the effectiveness and robustness of DeepMarks framework

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Preprint. MINOR revision.
Contact author(s)
huc044 @ ucsd edu
History
2018-04-09: received
Short URL
https://ia.cr/2018/322
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2018/322,
      author = {Huili Chen and Bita Darvish Rohani and Farinaz Koushanfar},
      title = {DeepMarks: A Digital Fingerprinting Framework for Deep Neural Networks},
      howpublished = {Cryptology ePrint Archive, Paper 2018/322},
      year = {2018},
      note = {\url{https://eprint.iacr.org/2018/322}},
      url = {https://eprint.iacr.org/2018/322}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.