Publication Type

Conference Proceeding Article

Version

acceptedVersion

Publication Date

12-2020

Abstract

Cloud-based deep learning (DL) solutions have been widely used in applications ranging from image recognition to speech recognition. Meanwhile, as commercial software and services, such solutions have raised the need for intellectual property rights protection of the underlying DL models. Watermarking is the mainstream of existing solutions to address this concern, by primarily embedding pre-defined secrets in a model's training process. However, existing efforts almost exclusively focus on detecting whether a target model is pirated, without considering traitor tracing. In this paper, we present SecureMark_DL, which enables a model owner to embed a unique fingerprint for every customer within parameters of a DL model, extract and verify the fingerprint from a pirated model, and hence trace the rogue customer who illegally distributed his model for profit. We demonstrate that SecureMark_DL is robust against various attacks including fingerprint collusion and network transformation (e.g., model compression and model fine-tuning). Extensive experiments conducted on MNIST and CIFAR10 datasets, as well as various types of deep neural networks, show the superiority of SecureMark_DL in terms of training accuracy and robustness against various types of attacks.

Keywords

Watermarking, Cloud Computing, Deep Learning, Ownership Protection, Traitor Tracing

Discipline

Information Security

Research Areas

Cybersecurity

Publication

2020 IEEE International Conference on Parallel and Distributed Systems 26th ICPADS: Virtual, December 2-4: Proceedings

First Page

438

Last Page

446

ISBN

9781728190747

Identifier

10.1109/ICPADS51040.2020.00084

Publisher

IEEE Computer Society

City or Country

Los Alamitos, CA

Embargo Period

5-7-2021

Copyright Owner and License

Authors

Additional URL

https://doi.org/10.1109/ICPADS51040.2020.00084
