Protection against Cloning for Deep Learning
The paper addresses a security risk for users of deep learning systems, namely adversarial attacks, though the contribution appears incremental since it builds on an existing Renormalisation Group framework.
It tackles the problem that deep learning models become vulnerable to adversarial attacks once an adversary clones the network's weights, and proposes a method of poisoning the outputs imperceptibly so that cloning fails and adversarial data cannot be generated.
The susceptibility of deep learning to adversarial attack can be understood in the framework of the Renormalisation Group (RG) and the vulnerability of a specific network may be diagnosed provided the weights in each layer are known. An adversary with access to the inputs and outputs could train a second network to clone these weights and, having identified a weakness, use them to compute the perturbation of the input data which exploits it. However, the RG framework also provides a means to poison the outputs of the network imperceptibly, without affecting their legitimate use, so as to prevent such cloning of its weights and thereby foil the generation of adversarial data.