TY - GEN
T1 - Deep Serial Number
T2 - European Conference on Machine Learning and Principles and Practice of Knowledge Discovery in Databases, ECML PKDD 2023
AU - Tang, Ruixiang
AU - Du, Mengnan
AU - Hu, Xia
N1 - Publisher Copyright:
© 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.
PY - 2023
Y1 - 2023
AB - In this paper, we present DSN (Deep Serial Number), a simple yet effective watermarking algorithm designed specifically for deep neural networks (DNNs). Unlike traditional methods that incorporate identification signals into DNNs, our approach explores a novel Intellectual Property (IP) protection mechanism for DNNs, effectively thwarting adversaries from using stolen networks. Inspired by the success of serial numbers in safeguarding conventional software IP, we propose the first implementation of serial number embedding within DNNs. To achieve this, DSN is integrated into a knowledge distillation framework, in which a private teacher DNN is initially trained. Subsequently, its knowledge is distilled and imparted to a series of customized student DNNs. Each customer DNN functions correctly only upon input of a valid serial number. Experimental results across various applications demonstrate DSN’s efficacy in preventing unauthorized usage without compromising the original DNN performance. The experiments further show that DSN is resistant to different categories of watermark attacks.
KW - Deep Neural Network
KW - Intellectual Property Protection
KW - Watermark
UR - http://www.scopus.com/inward/record.url?scp=85174435483&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85174435483&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-43427-3_10
DO - 10.1007/978-3-031-43427-3_10
M3 - Conference contribution
AN - SCOPUS:85174435483
SN - 9783031434266
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 157
EP - 173
BT - Machine Learning and Knowledge Discovery in Databases
A2 - De Francisci Morales, Gianmarco
A2 - Bonchi, Francesco
A2 - Perlich, Claudia
A2 - Ruchansky, Natali
A2 - Kourtellis, Nicolas
A2 - Baralis, Elena
PB - Springer Science and Business Media Deutschland GmbH
Y2 - 18 September 2023 through 22 September 2023
ER -