DNNShield: Protecting DNNs with Unique Identifiers

DNNShield introduces protection layers with unique identifiers to safeguard DNNs against theft and unauthorized use, ensuring ownership verification without the need for secret keys. The approach seamlessly integrates protection layers into model architectures, offering robust defense against various attacks.

DNNShield addresses the vulnerability of DNNs to theft and unauthorized use by embedding unique identifiers within the model architecture. The protection layers ensure secure training and deployment while maintaining high resilience against attacks. By eliminating the reliance on secret keys, developers can claim ownership multiple times with minimal impact on performance. The surge in popularity of machine learning has led to significant investments in training Deep Neural Networks (DNNs). However, these models are valuable assets that require intellectual property protection measures. Existing methods like Watermarking and Passporting have limitations that DNNShield aims to overcome. Watermarking involves embedding markers within the model during training, but it requires key secrecy for ownership verification. Passporting adds extra layers to entangle model parameters but has drawbacks like additional learning overhead and vulnerability to attacks. DNNShield offers a novel approach by integrating untrainable protection layers into the model architecture without introducing additional trainable parameters. The proposed method empowers developers to protect their DNNs and intellectual property rights efficiently. By incorporating unique identifiers into the model architecture, DNNShield ensures ownership verification without relying on secrecy or compromising performance.

Notably, our approach achieves security with minimal performance and computational overhead (less than 5% runtime increase). We validate the effectiveness and efficiency of DNNShield through extensive evaluations across three datasets and four model architectures. The protected models should preserve their functionality while allowing for unrestricted inference. The accuracy metric assesses a model’s predictive capabilities, expressing the ratio of correct predictions for a set of input samples. Cosine similarity is used for analyzing data similarity between two vectors. Fine-Tuning is an attack where adversaries continue model training on a comparable dataset to remove identifiers. Pruning decreases the size of DNNs by strategically removing parameters while maintaining acceptable performance.

"Our approach seamlessly integrates two types of Protection layers into the model architecture." "DNNShield empowers developers to protect their DNNs and intellectual property rights efficiently."