LGCRML, Aug 6, 2020

Training DNN Model with Secret Key for Model Protection

arXiv:2008.02450v1, 27 citations
AI Analysis

The method addresses model owners' security needs by preventing unauthorized use of a trained model, but it is incremental, since it builds on existing preprocessing techniques.

The paper tackles model protection by training DNNs on input images preprocessed with block-wise pixel shuffling under a secret key. With the correct key the protected model's accuracy is close to that of a non-protected model, with an incorrect key it drops severely, and the scheme is shown to be robust against both brute-force and fine-tuning attacks.

In this paper, we propose a model protection method by using block-wise pixel shuffling with a secret key as a preprocessing technique for input images for the first time. The protected model is built by training with such preprocessed images. Experiment results show that the performance of the protected model is close to that of non-protected models when the key is correct, while accuracy drops severely when an incorrect key is given, and the proposed model protection is robust against not only brute-force attacks but also fine-tuning attacks, while maintaining almost the same performance accuracy as that of using a non-protected model.
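The block-wise pixel shuffling described in the abstract, as an added example that is not the paper's own code: the image is tiled into blocks and the same key-derived permutation is applied to the values inside every block, so only the key holder can produce inputs of the kind the protected model was trained on. The key-to-permutation derivation (HMAC-SHA256 seeding a Fisher-Yates shuffle), the 4x4 RGB sample image and block size 2 are assumptions of this example, not details taken from the paper.

```python
import hashlib
import hmac
import random

def key_to_permutation(key: bytes, block_size: int, channels: int) -> list:
    """Derive one fixed permutation of the block_size*block_size*channels values in a
    block from the secret key; the same permutation is reused for every block.
    (Assumed derivation for this example: HMAC-SHA256 of the key seeds the shuffle.)"""
    seed = hmac.new(key, b"block-wise-pixel-shuffling", hashlib.sha256).digest()
    rng = random.Random(int.from_bytes(seed, "big"))
    perm = list(range(block_size * block_size * channels))
    rng.shuffle(perm)
    return perm

def _map_blocks(img, block_size, perm, inverse):
    """Apply perm (or its inverse) inside every block_size x block_size tile of img,
    where img is a nested list indexed [row][col][channel]."""
    h, w, c = len(img), len(img[0]), len(img[0][0])
    assert h % block_size == 0 and w % block_size == 0, "image must tile into blocks"
    out = [[[0] * c for _ in range(w)] for _ in range(h)]
    for by in range(0, h, block_size):
        for bx in range(0, w, block_size):
            # flatten the block in raster order: row, column, channel
            vals = [img[by + i][bx + j][k]
                    for i in range(block_size) for j in range(block_size) for k in range(c)]
            moved = [0] * len(vals)
            for dst, src in enumerate(perm):
                # forward: out[dst] = in[src]; inverse: out[src] = in[dst]
                moved[src if inverse else dst] = vals[dst if inverse else src]
            for idx, v in enumerate(moved):
                i, rem = divmod(idx, block_size * c)
                j, k = divmod(rem, c)
                out[by + i][bx + j][k] = v
    return out

def shuffle_blocks(img, block_size, key):
    """Preprocess an image with the secret key (done at training and at inference)."""
    return _map_blocks(img, block_size, key_to_permutation(key, block_size, len(img[0][0])), False)

def unshuffle_blocks(img, block_size, key):
    """Undo the shuffling; only the correct key restores the original image."""
    return _map_blocks(img, block_size, key_to_permutation(key, block_size, len(img[0][0])), True)

def fraction_changed(a, b):
    """Share of channel values that differ between two equally sized images."""
    pairs = [(va, vb) for ra, rb in zip(a, b) for pa, pb in zip(ra, rb) for va, vb in zip(pa, pb)]
    return sum(va != vb for va, vb in pairs) / len(pairs)

# Constructed 4x4 RGB sample with all-distinct values so misplaced pixels are visible.
SAMPLE = [[[(y * 4 + x) * 3 + ch for ch in range(3)] for x in range(4)] for y in range(4)]
```

A wrong-key round trip leaves most values out of place, which is the input mismatch behind the accuracy drop the abstract reports.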
