Model Provenance via Model DNA

TL;DR

This paper introduces Model DNA, a novel representation capturing unique model characteristics to determine the provenance of machine learning models, with applications in security and intellectual property protection.

Contribution

It proposes a new concept of Model DNA and a data-driven framework for accurately identifying model provenance across tasks and model types.

Findings

Effective in identifying model provenance in vision and NLP tasks

High accuracy across diverse models and datasets

Enhances security and IP protection for ML models

Abstract

Understanding the life cycle of the machine learning (ML) model is an intriguing area of research (e.g., understanding where the model comes from, how it is trained, and how it is used). This paper focuses on a novel problem within this field, namely Model Provenance (MP), which concerns the relationship between a target model and its pre-training model and aims to determine whether a source model serves as the provenance for a target model. This is an important problem that has significant implications for ensuring the security and intellectual property of machine learning models but has not received much attention in the literature. To fill in this gap, we introduce a novel concept of Model DNA which represents the unique characteristics of a machine learning model. We utilize a data-driven and model-driven representation learning method to encode the model's training data and input-output information as a compact and comprehensive representation (i.e., DNA) of the model. Using this model DNA, we develop an efficient framework for model provenance identification, which enables us to identify whether a source model is a pre-training model of a target model. We conduct evaluations on both computer vision and natural language processing tasks using various models, datasets, and scenarios to demonstrate the effectiveness of our approach in accurately identifying model provenance.