Access Control Using Spatially Invariant Permutation of Feature Maps for Semantic Segmentation Models
This addresses the problem of model security for users of semantic segmentation models, but it is incremental as it extends existing access control methods from image classification to segmentation tasks.
The paper tackles the problem of protecting semantic segmentation models from unauthorized access by proposing an access control method using spatially invariant permutation of feature maps with a secret key, resulting in rightful users achieving almost the same performance as non-protected models while degrading performance for unauthorized users.
In this paper, we propose an access control method that uses the spatially invariant permutation of feature maps with a secret key for protecting semantic segmentation models. Segmentation models are trained and tested by permuting selected feature maps with a secret key. The proposed method allows rightful users with the correct key not only to access a model to full capacity but also to degrade the performance for unauthorized users. Conventional access control methods have focused only on image classification tasks, and these methods have never been applied to semantic segmentation tasks. In an experiment, the protected models were demonstrated to allow rightful users to obtain almost the same performance as that of non-protected models but also to be robust against access by unauthorized users without a key. In addition, a conventional method with block-wise transformations was also verified to have degraded performance under semantic segmentation models.