Summary: The power of deep learning and the enormous effort and money required to build a deep learning model make stealing such models a hugely worthwhile and highly lucrative endeavor. Worse still, model theft requires little more than a high-school understanding of computer functions, which ensures a healthy and vibrant black market full of choice for any would-be pirate. As such, estimating how many neural network models are likely to be illegally reproduced and distributed in future is almost impossible. Therefore, we propose an embedded "identity bracelet" for deep neural networks that acts as proof of a model's owner. Our solution is an extension to the existing trigger-set watermarking techniques that embeds a post-cryptographic-style serial number into the base deep neural network (DNN). Called a DNN-SN, this identifier works like an identity bracelet that proves a network's rightful owner. Further, a novel training method based on non-related multitask learning ensures that embedding the DNN-SN does not compromise model performance. Experimental evaluations of the framework confirm that a DNN-SN can be embedded into a model when training from scratch or in the student network component of Net2Net.