DeepCore: Simple Fingerprint Construction for Differentiating Homologous and Piracy Models
Haifeng Sun, Lan Zhang, Xiang-Yang Li

TL;DR
DeepCore introduces a novel fingerprinting method that leverages confidence and behavioral discrepancies to effectively distinguish piracy models from homologous models, improving copyright protection for deep models.
Contribution
The paper presents DeepCore, a new approach that constructs core points based on confidence optimization and behavioral analysis to identify piracy models more accurately.
Findings
DeepCore achieves lower false and missed identification rates.
It outperforms existing state-of-the-art methods.
Effective in diverse piracy model scenarios.
Abstract
As intellectual property rights, the copyright protection of deep models is becoming increasingly important. Existing work has made many attempts at model watermarking and fingerprinting, but they have ignored homologous models trained with similar structures or training datasets. We highlight challenges in efficiently querying black-box piracy models to protect model copyrights without misidentifying homologous models. To address these challenges, we propose a novel method called DeepCore, which discovers that the classification confidence of the model is positively correlated with the distance of the predicted sample from the model decision boundary and piracy models behave more similarly at high-confidence classified sample points. Then DeepCore constructs core points far away from the decision boundary by optimizing the predicted confidence of a few sample points and leverages…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Forensic Fingerprint Detection Methods
