Fang-Qi Li

Hongyu Zhu, Sichu Liang, Wentao Hu et al.

As a modern ensemble technique, Deep Forest (DF) employs a cascading structure to construct deep models, providing stronger representational power compared to traditional decision forests. However, its greedy multi-layer learning procedure is prone to overfitting, limiting model effectiveness and generalizability. This paper presents an optimized Deep Forest, featuring learnable, layerwise data augmentation policy schedules. Specifically, We introduce the Cut Mix for Tabular data (CMT) augmentation technique to mitigate overfitting and develop a population-based search algorithm to tailor augmentation intensity for each layer. Additionally, we propose to incorporate outputs from intermediate layers into a checkpoint ensemble for more stable performance. Experimental results show that our method sets new state-of-the-art (SOTA) benchmarks in various tabular classification tasks, outperforming shallow tree ensembles, deep forests, deep neural network, and AutoML competitors. The learned policies also transfer effectively to Deep Forest variants, underscoring its potential for enhancing non-differentiable deep learning modules in tabular signal processing.

Fang-Qi Li, Shi-Lin Wang, Yun Zhu

The wide application of deep learning techniques is boosting the regulation of deep learning models, especially deep neural networks (DNN), as commercial products. A necessary prerequisite for such regulations is identifying the owner of deep neural networks, which is usually done through the watermark. Current DNN watermarking schemes, particularly white-box ones, are uniformly fragile against a family of functionality equivalence attacks, especially the neuron permutation. This operation can effortlessly invalidate the ownership proof and escape copyright regulations. To enhance the robustness of white-box DNN watermarking schemes, this paper presents a procedure that aligns neurons into the same order as when the watermark is embedded, so the watermark can be correctly recognized. This neuron alignment process significantly facilitates the functionality of established deep neural network watermarking schemes.

Fang-Qi Li, Shi-Lin Wang, Alan Wee-Chung Liew

With the broad application of deep neural networks, the necessity of protecting them as intellectual properties has become evident. Numerous watermarking schemes have been proposed to identify the owner of a deep neural network and verify the ownership. However, most of them focused on the watermark embedding rather than the protocol for provable verification. To bridge the gap between those proposals and real-world demands, we study the deep learning model intellectual property protection in three scenarios: the ownership proof, the federated learning, and the intellectual property transfer. We present three protocols respectively. These protocols raise several new requirements for the bottom-level watermarking schemes.

Fang-Qi Li, Shi-Lin Wang, Alan Wee-Chung Liew

With the wide application of deep neural networks, it is important to verify a host's possession over a deep neural network model and protect the model. To meet this goal, various mechanisms have been designed. By embedding extra information into a network and revealing it afterward, the watermark becomes a competitive candidate in proving integrity for deep learning systems. However, concurrent watermarking schemes can hardly be adopted for emerging distributed learning paradigms that raise extra requirements during the ownership verification. A spearheading distributed learning paradigm is federated learning (FL) where many parties participate in training one single model. Each author participating in the FL should be able to verify its ownership independently. Moreover, there are other potential threat and corresponding security requirements under this scenario. To meet those requirements, in this paper, we demonstrate a watermarking protocol for protecting deep neural networks in the setting of FL. By incorporating the state-of-the-art watermarking scheme and the cryptological primitive designed for distributed storage, the protocol meets the need for ownership verification in the FL scenario without violating the privacy for each participant. This work paves the way for generalizing watermark as a practical security mechanism for protecting deep learning models in distributed learning platforms.

Fang-Qi Li, Xu-Die Ren, Hao-Nan Guo

The combination of a CNN detector and a search framework forms the basis for local object/pattern detection. To handle the waste of regional information and the defective compromise between efficiency and accuracy, this paper proposes a probabilistic model with a powerful search framework. By mapping an image into a probabilistic distribution of objects, this new model gives more informative outputs with less computation. The setting and analytic traits are elaborated in this paper, followed by a series of experiments carried out on FDDB, which show that the proposed model is sound, efficient and analytic.