Training DNN Model with Secret Key for Model Protection
MaungMaung AprilPyone, Hitoshi Kiya

TL;DR
This paper introduces a novel model protection technique using secret key-based pixel shuffling of input images, ensuring model security against various attacks while maintaining high accuracy with the correct key.
Contribution
The paper presents a new method for DNN model protection that employs block-wise pixel shuffling with a secret key during training, enhancing security without sacrificing performance.
Findings
With the correct key, the protected model's accuracy is close to that of a non-protected model.
The protection is robust against both brute-force and fine-tuning attacks.
With an incorrect key, accuracy drops sharply.
Abstract
In this paper, we propose, for the first time, a model protection method that uses block-wise pixel shuffling with a secret key as a preprocessing step applied to input images. The protected model is built by training on such preprocessed images. Experimental results show that the performance of the protected model is close to that of a non-protected model when the key is correct, while accuracy drops severely when an incorrect key is given. The proposed protection is robust against not only brute-force attacks but also fine-tuning attacks, while maintaining almost the same accuracy as a non-protected model.
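To make the preprocessing concrete, here is an added example (not the authors' code) of key-based block-wise pixel shuffling on a grayscale image. It assumes a 4x4 block, an integer key that seeds a PRNG to derive one permutation reused for every block, and a constructed gradient image; the paper does not specify how the permutation is derived from the key, so that part is an assumption.

```python
import math
import random
from typing import List

Image = List[List[int]]  # grayscale H x W pixel values


def key_to_permutation(key: int, block: int) -> List[int]:
    """Derive the within-block permutation from the secret key.
    Assumption: the key seeds a PRNG that shuffles the block*block positions."""
    order = list(range(block * block))
    random.Random(key).shuffle(order)
    return order


def _apply(img: Image, block: int, perm: List[int], inverse: bool) -> Image:
    h, w = len(img), len(img[0])
    assert h % block == 0 and w % block == 0, "image must tile into whole blocks"
    out = [row[:] for row in img]
    for by in range(0, h, block):
        for bx in range(0, w, block):
            # Flatten the block row-major, permute within the block, write it back.
            flat = [img[by + i // block][bx + i % block] for i in range(block * block)]
            if inverse:
                moved = [0] * len(flat)
                for i, p in enumerate(perm):
                    moved[p] = flat[i]
            else:
                moved = [flat[p] for p in perm]
            for i, v in enumerate(moved):
                out[by + i // block][bx + i % block] = v
    return out


def shuffle_image(img: Image, key: int, block: int = 4) -> Image:
    """Preprocessing applied before training and inference; pixels never leave their block."""
    return _apply(img, block, key_to_permutation(key, block), inverse=False)


def unshuffle_image(img: Image, key: int, block: int = 4) -> Image:
    """Inverse transform; only recovers the original when the same key is used."""
    return _apply(img, block, key_to_permutation(key, block), inverse=True)


def key_space_size(block: int = 4) -> int:
    """Number of distinct within-block permutations a brute-force attacker must cover."""
    return math.factorial(block * block)


def sample_image(h: int = 8, w: int = 8) -> Image:
    # Constructed sample: a gradient so every pixel value is distinct.
    return [[y * w + x for x in range(w)] for y in range(h)]
```

A model trained on `shuffle_image(x, key)` sees inputs shuffled with any other key as out-of-distribution, which is the mechanism behind the accuracy drop reported for incorrect keys.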
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Digital Media Forensic Detection · Advanced Steganography and Watermarking Techniques
