Attacks on Recent DNN IP Protection Techniques and Their Mitigation

Bibliographic Details
Published in: IEEE transactions on computer-aided design of integrated circuits and systems 2023-11, Vol.42 (11), p.1-1
Main Authors: Mukherjee, Rijoy; Chakraborty, Rajat Subhra
Format: Article
Language: English
container_end_page 1
container_issue 11
container_start_page 1
container_title IEEE transactions on computer-aided design of integrated circuits and systems
container_volume 42
creator Mukherjee, Rijoy
Chakraborty, Rajat Subhra
description With the rapid increase in the development of Deep Learning methodologies, Deep Neural Networks (DNNs) are now being commonly deployed in smart systems (e.g. autonomous vehicles) and high-end security applications (e.g. face recognition, biometric authentication, etc.). The training of such DNN models often requires exclusive valuable training datasets, enormous computational resources, and expert fine-tuning skills. Hence, a trained DNN model can be regarded as valuable proprietary Intellectual Property (IP). Piracy of such DNN IPs has emerged as a major concern, with increasing trends of illegal copying and redistribution. A number of mitigation approaches targeting DNN IP protection have been proposed in recent years. In this work, we target two recently proposed DNN IP protection schemes: (a) Chaotic Map theory based encryption of the weight parameters, and (b) traditional block cipher based encryption of the weights. We demonstrate attacks on two recent DNN IP protection techniques, with one technique each belonging to the above-mentioned schemes, under a pragmatic attack model. We also propose a novel DNN IP protection technique based on selective encryption of the weight parameters, termed LEWIP to mitigate the exposed weaknesses, while having low implementation and performance overheads. Finally, we demonstrate the effectiveness of the LEWIP technique against state-of-the-art DNN implementations.
doi_str_mv 10.1109/TCAD.2023.3272271
format article
identifier ISSN: 0278-0070
ispartof IEEE transactions on computer-aided design of integrated circuits and systems, 2023-11, Vol.42 (11), p.1-1
issn 0278-0070
1937-4151
language eng
recordid cdi_crossref_primary_10_1109_TCAD_2023_3272271
source IEEE Xplore (Online service)
subjects AES
Algorithms
Artificial neural networks
Chaotic Encryption
Copying
Cryptography
Deep Neural Network
Encryption
Face recognition
Hardware
Intellectual property
Intellectual Property (IP) protection
IP networks
Kernel
Machine learning
Mathematical models
Parameters
Security
Training
Watermarking
title Attacks on Recent DNN IP Protection Techniques and Their Mitigation