Misclassification-driven Fingerprinting for DNNs Using Frequency-aware GANs

Weixing Liu, Shenghua Zhong

Proceedings of the Thirty-Fourth International Joint Conference on Artificial Intelligence


Deep neural networks (DNNs) have become valuable assets due to their success in various tasks, but their high training costs also make them targets for model theft. Fingerprinting techniques are commonly used to verify model ownership, but existing methods either require training many additional models, leading to increased costs, or rely on GANs to generate fingerprints near decision boundaries, which may compromise image quality. To address these challenges, we propose a GAN-based fingerprint generation method that applies frequency-domain perturbations to normal samples, effectively creating fingerprints. This approach not only resists intellectual property (IP) threats, but also improves fingerprint acquisition efficiency while maintaining high imperceptibility. Extensive experiments demonstrate that our method achieves a state-of-the-art (SOTA) AUC of 0.98 on the Tiny-ImageNet dataset under IP removal attacks, outperforming existing methods by 8%, and consistently achieves the best ABP for three types of IP detection and erasure attacks on the GTSRB dataset. Our source code is available at https://github.com/wason981/Frequency-Fingerprinting.

Keywords:

Multidisciplinary Topics and Applications: MTA: Security and privacy

AI Ethics, Trust, Fairness: ETF: Safety and robustness

Computer Vision: CV: Adversarial learning, adversarial attack and defense methods