References & Citations
Computer Science > Computer Vision and Pattern Recognition
Title: A Protection Method of Trained CNN Model Using Feature Maps Transformed With Secret Key From Unauthorized Access
(Submitted on 1 Sep 2021)
Abstract: In this paper, we propose a model protection method for convolutional neural networks (CNNs) with a secret key so that authorized users get a high classification accuracy, and unauthorized users get a low classification accuracy. The proposed method applies a block-wise transformation with a secret key to feature maps in the network. Conventional key-based model protection methods cannot maintain a high accuracy when a large key space is selected. In contrast, the proposed method not only maintains almost the same accuracy as non-protected accuracy, but also has a larger key space. Experiments were carried out on the CIFAR-10 dataset, and results show that the proposed model protection method outperformed the previous key-based model protection methods in terms of classification accuracy, key space, and robustness against key estimation attacks and fine-tuning attacks.
Submission history
From: AprilPyone MaungMaung [view email][v1] Wed, 1 Sep 2021 07:47:05 GMT (266kb,D)
Link back to: arXiv, form interface, contact.