Please use this identifier to cite or link to this item:
Full metadata record
DC FieldValueLanguage
dc.contributor.authorZheng, Yueen_US
dc.contributor.authorWang, Sien_US
dc.contributor.authorChang, Chip Hongen_US
dc.identifier.citationZheng, Y., Wang, S. & Chang, C. H. (2022). A DNN fingerprint for non-repudiable model ownership identification and piracy detection. IEEE Transactions On Information Forensics and Security, 17, 2977-2989.
dc.description.abstractA high-performance Deep Neural Network (DNN) model is a valuable intellectual property (IP) since designing and training such a model from scratch is very costly. Model transfer learning, compression and retraining are commonly used by pirates to evade detection or even redeploy the pirated models for new applications without compromising performance. This paper presents a novel non-intrusive DNN IP fingerprinting method that can detect pirated models and provide a nonrepudiable and irrevocable ownership proof simultaneously. The fingerprint is derived from projecting a subset of front-layer weights onto a model owner identity defined random space to enable a distinguisher to differentiate pirated models that are used in the same application or retrained for a different task from originally designed DNN models. The proposed method generates compact and irrevocable fingerprints against model IP misappropriation and ownership fraud. It requires no retraining and makes no modification to the original model. The proposed fingerprinting method is evaluated on nine original DNN models trained on CIFAR-10, CIFAR-100, and ImageNet-10. It is demonstrated to have the highest discriminative power among existing fingerprinting methods in detecting pirated models deployed for the same and different applications, and fraudulent model IP ownership claims.en_US
dc.description.sponsorshipNational Research Foundation (NRF)en_US
dc.relation.ispartofIEEE Transactions on Information Forensics and Securityen_US
dc.rights© 2022 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. The published version is available at:
dc.subjectEngineering::Electrical and electronic engineeringen_US
dc.titleA DNN fingerprint for non-repudiable model ownership identification and piracy detectionen_US
dc.typeJournal Articleen
dc.contributor.schoolSchool of Electrical and Electronic Engineeringen_US
dc.contributor.researchCentre for Integrated Circuits and Systemsen_US
dc.description.versionSubmitted/Accepted versionen_US
dc.subject.keywordsDNN IP Protectionen_US
dc.subject.keywordsRandom Projectionen_US
dc.subject.keywordsCross Applicationen_US
dc.description.acknowledgementThis research is supported by the National Research Foundation, Singapore, under its National Cybersecurity R&D Programme/Cyber- Hardware Forensic & Assurance Evaluation R&D Programme (Award: CHFA-GC1-AW01).en_US
item.fulltextWith Fulltext-
Appears in Collections:EEE Journal Articles
Files in This Item:
File Description SizeFormat 
dnn_ip.pdfA DNN Fingerprint for Non-repudiable Model Ownership Identification and Piracy Detection2.91 MBAdobe PDFThumbnail

Citations 50

Updated on Nov 30, 2023

Web of ScienceTM
Citations 50

Updated on Oct 23, 2023

Page view(s)

Updated on Dec 3, 2023

Download(s) 50

Updated on Dec 3, 2023

Google ScholarTM




Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.