A Protection Method of Trained CNN Model Using Feature Maps Transformed With Secret Key From Unauthorized Access
This addresses the security issue of unauthorized access to AI models for users in sensitive domains, but it is incremental as it builds on existing key-based protection methods.
The paper tackles the problem of protecting trained CNN models from unauthorized access by using a secret key to transform feature maps, so that authorized users obtain high accuracy while unauthorized users obtain low accuracy. Experiments on CIFAR-10 show that it outperforms previous methods in accuracy, key space, and robustness.
In this paper, we propose a model protection method for convolutional neural networks (CNNs) with a secret key so that authorized users get a high classification accuracy, and unauthorized users get a low classification accuracy. The proposed method applies a block-wise transformation with a secret key to feature maps in the network. Conventional key-based model protection methods cannot maintain a high accuracy when a large key space is selected. In contrast, the proposed method not only maintains almost the same accuracy as the non-protected model, but also has a larger key space. Experiments were carried out on the CIFAR-10 dataset, and results show that the proposed model protection method outperformed the previous key-based model protection methods in terms of classification accuracy, key space, and robustness against key estimation attacks and fine-tuning attacks.
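As an added illustration (not code from the paper, whose exact transform is not given in this abstract), the following shows the shape of a block-wise, key-dependent feature-map transformation: a secret key derives a permutation that is applied inside every M x M block, the correct key inverts it exactly, a guessed key does not, and the key space grows as (M*M)!. The key bytes and the 8 x 8 map are constructed here.

```python
import hashlib
import math
import random

# Illustrative block-wise transform keyed by a secret key (assumption: the paper's
# actual transform may differ; a keyed intra-block permutation is used here).

def keyed_permutation(key: bytes, n: int) -> list[int]:
    """Derive a permutation of range(n) deterministically from the secret key."""
    seed = int.from_bytes(hashlib.sha256(key).digest(), "big")
    rng = random.Random(seed)
    perm = list(range(n))
    rng.shuffle(perm)
    return perm

def block_transform(fmap, block_size: int, key: bytes, inverse: bool = False):
    """Permute the elements of every block_size x block_size block of a 2-D feature map.

    With inverse=True the inverse permutation is applied, so the original map is
    recovered only when the same key is supplied.
    """
    h, w = len(fmap), len(fmap[0])
    assert h % block_size == 0 and w % block_size == 0, "feature map must tile evenly"
    perm = keyed_permutation(key, block_size * block_size)
    if inverse:
        inv = [0] * len(perm)
        for dst, src in enumerate(perm):
            inv[src] = dst
        perm = inv
    out = [row[:] for row in fmap]
    for by in range(0, h, block_size):
        for bx in range(0, w, block_size):
            block = [fmap[by + i][bx + j] for i in range(block_size) for j in range(block_size)]
            for idx, src in enumerate(perm):
                out[by + idx // block_size][bx + idx % block_size] = block[src]
    return out

def key_space_size(block_size: int) -> int:
    """Number of distinct intra-block permutations, i.e. the key space of this transform."""
    return math.factorial(block_size * block_size)

def demo():
    # Constructed 8 x 8 single-channel feature map with distinct values.
    fmap = [[r * 8 + c for c in range(8)] for r in range(8)]
    key, guessed = b"constructed-authorized-key", b"constructed-guessed-key"
    protected = block_transform(fmap, 4, key)
    return (
        block_transform(protected, 4, key, inverse=True) == fmap,      # True
        block_transform(protected, 4, guessed, inverse=True) == fmap,  # False
    )
```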