USENIX Security '18 - Turning Your Weakness Into a Strength: Watermarking Deep Neural Networks...
Turning Your Weakness Into a Strength: Watermarking Deep Neural Networks by Backdooring Carsten Baum Bar Ilan University Abstract: Deep Neural Networks h...
USENIX
2.0K views β’ Sep 18, 2018
About this video
Turning Your Weakness Into a Strength: Watermarking Deep Neural Networks by Backdooring
Carsten Baum
Bar Ilan University
Abstract:
Deep Neural Networks have recently gained lots of success after enabling several breakthroughs in notoriously challenging problems. Training these networks is computationally expensive and requires vast amounts of training data. Selling such pre-trained models can, therefore, be a lucrative business model. Unfortunately, once the models are sold they can be easily copied and redistributed. To avoid this, a tracking mechanism to identify models as the intellectual property of a particular vendor is necessary. In this work, we present an approach for watermarking Deep Neural Networks in a black-box way. Our scheme works for general classification tasks and can easily be combined with current learning algorithms. We show experimentally that such a watermark has no noticeable impact on the primary task that the model is designed for and evaluate the robustness of our proposal against a multitude of practical attacks. Moreover, we provide a theoretical analysis, relating our approach to previous work on backdooring.
View the full USENIX Security '18 program at https://www.usenix.org/usenixsecurity18/technical-sessions
Carsten Baum
Bar Ilan University
Abstract:
Deep Neural Networks have recently gained lots of success after enabling several breakthroughs in notoriously challenging problems. Training these networks is computationally expensive and requires vast amounts of training data. Selling such pre-trained models can, therefore, be a lucrative business model. Unfortunately, once the models are sold they can be easily copied and redistributed. To avoid this, a tracking mechanism to identify models as the intellectual property of a particular vendor is necessary. In this work, we present an approach for watermarking Deep Neural Networks in a black-box way. Our scheme works for general classification tasks and can easily be combined with current learning algorithms. We show experimentally that such a watermark has no noticeable impact on the primary task that the model is designed for and evaluate the robustness of our proposal against a multitude of practical attacks. Moreover, we provide a theoretical analysis, relating our approach to previous work on backdooring.
View the full USENIX Security '18 program at https://www.usenix.org/usenixsecurity18/technical-sessions
Tags and Topics
Browse our collection to discover more content in these categories.
Video Information
Views
2.0K
Likes
22
Duration
27:27
Published
Sep 18, 2018
User Reviews
4.3
(1) Related Trending Topics
LIVE TRENDSRelated trending topics. Click any trend to explore more videos.