Two Birds with One Stone: Protecting DNN Models Against Unauthorized Inference and Domain Transfer
Primary Area: societal considerations including fairness, safety, privacy
Code Of Ethics: I acknowledge that I and all co-authors of this work have read and commit to adhering to the ICLR Code of Ethics.
Keywords: Deep Neural Networks; IP Protection; Model Leakage; Domain Transfer
Submission Guidelines: I certify that this submission complies with the submission instructions as described on https://iclr.cc/Conferences/2024/AuthorGuide.
Abstract: Deep neural network (DNN) models are valuable intellectual property (IP) owing to their impressive performance, which might be extracted for illegal use. While existing protection schemes primarily focus on preventing attackers from obtaining the well-performed model, the transferability of such extracted models has been largely under-explored, where attackers could transfer the model to another domain with good performance.
For the first time, this work jointly considers these two security concerns and proposes DeTrans, a DNN model protection framework that utilizes bi-level optimization to modify weights of highly transferable filters, so as to prevent both unauthorized inference and cross-domain transfer followed by model extraction.
Additionally, DeTrans ensures that the model functionality can be preserved for authorized users with specialized hardware support. The experiments demonstrate that DeTrans can significantly reduce accuracy in the source domain to random guessing and achieve up to an 81.23\% reduction in transferability to the target domain.
Anonymous Url: I certify that there is no URL (e.g., github page) that could be used to find authors' identity.
Supplementary Material: zip
No Acknowledgement Section: I certify that there is no acknowledgement section in this submission for double blind review.
Submission Number: 3840
Loading