Search Results for author: Shengzhi Zhang

Found 8 papers, 5 papers with code

MEA-Defender: A Robust Watermark against Model Extraction Attack

1 code implementation, 26 Jan 2024. Peizhuo Lv, Hualong Ma, Kai Chen, Jiachen Zhou, Shengzhi Zhang, Ruigang Liang, Shenchen Zhu, Pan Li, Yingjun Zhang

To protect the Intellectual Property (IP) of the original owners over such DNN models, backdoor-based watermarks have been extensively studied.

Tasks: Model extraction, Self-Supervised Learning

SSL-WM: A Black-Box Watermarking Approach for Encoders Pre-trained by Self-supervised Learning

1 code implementation, 8 Sep 2022. Peizhuo Lv, Pan Li, Shenchen Zhu, Shengzhi Zhang, Kai Chen, Ruigang Liang, Chang Yue, Fan Xiang, Yuling Cai, Hualong Ma, Yingjun Zhang, Guozhu Meng

Recent years have witnessed tremendous success in Self-Supervised Learning (SSL), which has been widely utilized to facilitate various downstream tasks in Computer Vision (CV) and Natural Language Processing (NLP) domains.

Tasks: Self-Supervised Learning

AI-Lancet: Locating Error-inducing Neurons to Optimize Neural Networks

1 code implementation, ACM SIGSAC Conference on Computer and Communications Security 2021. Yue Zhao, Hong Zhu, Kai Chen, Shengzhi Zhang

With the knowledge of error-inducing neurons, we propose two methods to fix the errors: the neuron-flip and the neuron-fine-tuning.

DBIA: Data-free Backdoor Injection Attack against Transformer Networks

1 code implementation, 22 Nov 2021. Peizhuo Lv, Hualong Ma, Jiachen Zhou, Ruigang Liang, Kai Chen, Shengzhi Zhang, Yunfei Yang

In this paper, we propose DBIA, a novel data-free backdoor attack against the CV-oriented transformer networks, leveraging the inherent attention mechanism of transformers to generate triggers and injecting the backdoor using the poisoned surrogate dataset.

Tasks: Backdoor Attack, Image Classification, +1

HufuNet: Embedding the Left Piece as Watermark and Keeping the Right Piece for Ownership Verification in Deep Neural Networks

No code implementations, 25 Mar 2021. Peizhuo Lv, Pan Li, Shengzhi Zhang, Kai Chen, Ruigang Liang, Yue Zhao, Yingjiu Li

Most existing solutions embed backdoors in DNN model training such that DNN ownership can be verified by triggering distinguishable model behaviors with a set of secret inputs.

SoK: A Modularized Approach to Study the Security of Automatic Speech Recognition Systems

1 code implementation, 19 Mar 2021. Yuxuan Chen, Jiangshan Zhang, Xuejing Yuan, Shengzhi Zhang, Kai Chen, XiaoFeng Wang, Shanqing Guo

In this paper, we present our systematization of knowledge for ASR security and provide a comprehensive taxonomy for existing work based on a modularized workflow.

Tasks: Adversarial Attack, Automatic Speech Recognition, +3

Seeing isn't Believing: Practical Adversarial Attack Against Object Detectors

No code implementations, 26 Dec 2018. Yue Zhao, Hong Zhu, Ruigang Liang, Qintao Shen, Shengzhi Zhang, Kai Chen

In this paper, we present systematic solutions to build robust and practical AEs against real-world object detectors.

Tasks: Adversarial Attack, Autonomous Driving, +1

CommanderSong: A Systematic Approach for Practical Adversarial Voice Recognition

No code implementations, 24 Jan 2018. Xuejing Yuan, Yuxuan Chen, Yue Zhao, Yunhui Long, Xiaokang Liu, Kai Chen, Shengzhi Zhang, Heqing Huang, Xiao-Feng Wang, Carl A. Gunter

For this purpose, we developed novel techniques that address a key technical challenge: integrating the commands into a song in a way that can be effectively recognized by ASR through the air, in the presence of background noise, while not being detected by a human listener.

Tasks: Automatic Speech Recognition (ASR), +1