Authors: 张圣尧 (ZHANG Sheng-Yao); 潘旭东 (PAN Xu-Dong); 张谧 (ZHANG Mi) [1]
Affiliation: [1] School of Computer Science, Fudan University, Shanghai 200438, China
Source: 《计算机系统应用》 (Computer Systems & Applications), 2024, No. 4, pp. 1-12 (12 pages)
Funding: National Natural Science Foundation of China (61972099).
Abstract: Training deep neural networks (DNNs) in mission-critical scenarios requires ever more computing resources, which stimulates model stealing through cloud prediction APIs and violates the intellectual property rights of model owners. To trace public illegal model copies, DNN model fingerprinting provides a promising copyright verification option for model owners who want to preserve model integrity. However, existing fingerprinting schemes are mainly based on output-level traces (e.g., misprediction behavior on special inputs), which leads to a lack of stealthiness during model fingerprint verification. This study proposes a novel task-agnostic fingerprinting scheme based on saliency map traces of model prediction. The proposed scheme puts forward a constrained manipulation objective on saliency maps to construct clean-label and natural fingerprint samples, thus significantly improving the stealthiness of model fingerprints. According to extensive evaluation results on three typical tasks, the scheme is proven to substantially enhance the fingerprint effectiveness of existing schemes while keeping the model fingerprints highly stealthy.