Watermarking Deep Neural Networks for Embedded Systems


Detailed bibliography
Published in: 2018 IEEE/ACM International Conference on Computer-Aided Design (ICCAD), pp. 1-8
Main authors: Guo, Jia; Potkonjak, Miodrag
Format: Conference paper
Language: English
Publication details: ACM 01.11.2018
ISSN:1558-2434
Description
Summary: Deep neural networks (DNNs) have become an important tool for bringing intelligence to mobile and embedded devices. The increasingly wide deployment, sharing and potential commercialization of DNN models create a compelling need for intellectual property (IP) protection. Recently, DNN watermarking emerges as a plausible IP protection method. Enabling DNN watermarking on embedded devices in a practical setting requires a black-box approach. Existing DNN watermarking frameworks either fail to meet the black-box requirement or are susceptible to several forms of attacks. We propose a watermarking framework by incorporating the author's signature in the process of training DNNs. While functioning normally in regular cases, the resulting watermarked DNN behaves in a different, predefined pattern when given any signed inputs, thus proving the authorship. We demonstrate an example implementation of the framework on popular image classification datasets and show that strong watermarks can be embedded in the models.
DOI:10.1145/3240765.3240862