Authority Backdoor: A Certifiable Backdoor Mechanism for Authoring DNNs

TL;DR

This paper introduces an 'Authority Backdoor' mechanism that embeds access control into DNNs, ensuring only authorized use with certifiable robustness against attacks, thus protecting intellectual property proactively.

Contribution

It proposes a novel proactive protection scheme for DNNs that combines access control with certifiable robustness, advancing beyond passive watermarking methods.

Findings

Effectively locks model utility with specific triggers.

Demonstrates robustness against adaptive attacks.

Validates effectiveness across multiple architectures and datasets.

Abstract

Deep Neural Networks (DNNs), as valuable intellectual property, face unauthorized use. Existing protections, such as digital watermarking, are largely passive; they provide only post-hoc ownership verification and cannot actively prevent the illicit use of a stolen model. This work proposes a proactive protection scheme, dubbed ``Authority Backdoor," which embeds access constraints directly into the model. In particular, the scheme utilizes a backdoor learning framework to intrinsically lock a model's utility, such that it performs normally only in the presence of a specific trigger (e.g., a hardware fingerprint). But in its absence, the DNN's performance degrades to be useless. To further enhance the security of the proposed authority scheme, the certifiable robustness is integrated to prevent an adaptive attacker from removing the implanted backdoor. The resulting framework establishes a secure authority mechanism for DNNs, combining access control with certifiable robustness against adversarial attacks. Extensive experiments on diverse architectures and datasets validate the effectiveness and certifiable robustness of the proposed framework.