Internet Archive Scholar

Turning Your Weakness Into a Strength: Watermarking Deep Neural Networks by Backdooring [article]

Yossi Adi, Carsten Baum, Moustapha Cisse, Benny Pinkas, Joseph Keshet
2018 arXiv   pre-print

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (501.6 kB)
https://web.archive.org/web/20191017130156/https://arxiv.org/pdf/1802.04633v3.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2019; you can also visit the original URL. The file type is application/pdf.

Other Versions

2018 pre-print
arXiv:1802.04633v1 fatcat:a6nbhzb5m5drxnm5hya2urqcxe
2018 pre-print
arXiv:1802.04633v2 fatcat:nk5su4rudjh63eddpsfpq2fzly
Deep Neural Networks have recently gained lots of success after enabling several breakthroughs in notoriously challenging problems. Training these networks is computationally expensive and requires vast amounts of training data. Selling such pre-trained models can, therefore, be a lucrative business model. Unfortunately, once the models are sold they can be easily copied and redistributed. To avoid this, a tracking mechanism to identify models as the intellectual property of a particular vendor
more » ... is necessary. In this work, we present an approach for watermarking Deep Neural Networks in a black-box way. Our scheme works for general classification tasks and can easily be combined with current learning algorithms. We show experimentally that such a watermark has no noticeable impact on the primary task that the model is designed for and evaluate the robustness of our proposal against a multitude of practical attacks. Moreover, we provide a theoretical analysis, relating our approach to previous work on backdooring.
arXiv:1802.04633v3 fatcat:qaojyy4ccngafl66z4hkqwyuwm
Multiple Versions
Citation

Yossi Adi, Carsten Baum, Moustapha Cisse, Benny Pinkas, Joseph Keshet. "Turning Your Weakness Into a Strength: Watermarking Deep Neural Networks by Backdooring." arXiv (2018)