Protection against Cloning for Deep Learning
Richard Kenway

TL;DR
This paper proposes a novel method using the Renormalisation Group framework to protect deep learning models against cloning and adversarial attacks by imperceptibly poisoning outputs, enhancing security.
Contribution
It introduces a new approach leveraging RG theory to prevent model cloning and adversarial perturbations without impairing legitimate use.
Findings
RG-based poisoning effectively prevents weight cloning
Method maintains model performance on legitimate tasks
Enhances security against adversarial data generation
Abstract
The susceptibility of deep learning to adversarial attack can be understood in the framework of the Renormalisation Group (RG) and the vulnerability of a specific network may be diagnosed provided the weights in each layer are known. An adversary with access to the inputs and outputs could train a second network to clone these weights and, having identified a weakness, use them to compute the perturbation of the input data which exploits it. However, the RG framework also provides a means to poison the outputs of the network imperceptibly, without affecting their legitimate use, so as to prevent such cloning of its weights and thereby foil the generation of adversarial data.
Taxonomy
Topics: Adversarial Robustness in Machine Learning
