Search Results for author:
Found 15 papers, 0 papers with code
Turn Passive to Active: A Survey on Active Intellectual Property Protection of Deep Learning Models
In this review, we attempt to clearly elaborate on the connotation, attributes, and requirements of active DNN copyright protection, provide evaluation methods and metrics for active copyright protection, review and analyze existing work on active DL model intellectual property protection, discuss potential attacks that active DL model copyright protection techniques may face, and provide challenges and future directions for active DL model intellectual property protection.
InFIP: An Explainable DNN Intellectual Property Protection Method based on Intrinsic Features
Since the intrinsic feature is composed of unique interpretation of the model's decision, the intrinsic feature can be regarded as fingerprint of the model.
One-to-N & N-to-One: Two Advanced Backdoor Attacks Against Deep Learning Models
In this article, for the first time, we propose two advanced backdoor attacks, the multi-target backdoor attacks and multi-trigger backdoor attacks: 1) One-to-N attack, where the attacker can trigger multiple backdoor targets by controlling the different intensities of the same backdoor; 2) N-to-One attack, where such attack is triggered only when all the N backdoors are satisfied.
Detecting Recolored Image by Spatial Correlation
In this paper, we try to explore a solution from the perspective of the spatial correlation, which exhibits the generic detection capability for both conventional and deep learning-based recoloring.
Imperceptible and Multi-channel Backdoor Attack against Deep Neural Networks
Recent researches demonstrate that Deep Neural Networks (DNN) models are vulnerable to backdoor attacks.
Compression-Resistant Backdoor Attack against Deep Neural Networks
After training, the backdoor attack against DNN is robust to image compression.
Detect and remove watermark in deep neural networks via generative adversarial networks
Experimental evaluations on the MNIST and CIFAR10 datasets demonstrate that, the proposed method can effectively remove about 98% of the watermark in DNN models, as the watermark retention rate reduces from 100% to less than 2% after applying the proposed attack.
Detecting Backdoor in Deep Neural Networks via Intentional Adversarial Perturbations
Experimental results show that, the backdoor detection rate of the proposed defense method is 99. 63%, 99. 76% and 99. 91% on Fashion-MNIST, CIFAR-10 and GTSRB datasets, respectively.
AdvParams: An Active DNN Intellectual Property Protection Technique via Adversarial Perturbation Based Parameter Encryption
Moreover, the proposed method only needs to encrypt an extremely low number of parameters, and the proportion of the encrypted parameters of all the model's parameters is as low as 0. 000205%.
Protecting the Intellectual Properties of Deep Neural Networks with an Additional Class and Steganographic Images
To address these challenges, in this paper, we propose a method to protect the intellectual properties of DNN models by using an additional class and steganographic images.
Robust Backdoor Attacks against Deep Neural Networks in Real Physical World
In this paper, we propose a robust physical backdoor attack method, PTB (physical transformations for backdoors), to implement the backdoor attacks against deep learning models in the real physical world.
ActiveGuard: An Active DNN IP Protection Technique via Adversarial Examples
For ownership verification, the embedded watermark can be successfully extracted, while the normal performance of the DNN model will not be affected.
3D Invisible Cloak
on person stealth attacks, and propose 3D transformations to generate 3D invisible cloak.
NaturalAE: Natural and Robust Physical Adversarial Examples for Object Detectors
Experimental results demonstrate that, the generated adversarial examples are robust under various indoor and outdoor physical conditions, including different distances, angles, illuminations, and photographing.
SocialGuard: An Adversarial Example Based Privacy-Preserving Technique for Social Images
After being injected with the perturbation, the social image can easily fool the object detector, while its visual quality will not be degraded.
