
Knowledge Representation of Training Data with Adversarial Examples Supporting Decision Boundary

Bibliographic Details
Published in: IEEE transactions on information forensics and security 2023-01, Vol.18, p.1-1
Main Authors: Tian, Zehao; Wang, Zixiong; Abdelmoniem, Ahmed M.; Liu, Gaoyang; Wang, Chen
Format: Article
Language: English
Description
Summary: Deep learning (DL) has achieved tremendous success in recent years in many fields. The success of DL typically relies on a considerable amount of training data and the expensive model optimization process. Therefore, a trained DL model and its corresponding training data have become valuable assets whose intellectual property (IP) needs to be protected. Once a DL model or its training dataset is released, there is currently no mechanism for the entity that owns one part to establish a clear relationship with the other. In this paper, we aim to reveal the integrated relationship between a given DL model and the corresponding training dataset, by framing the problem of knowledge representation of a dataset with respect to DL models trained on it: how to effectively represent the knowledge transferred from a training dataset to a DL model? Our basic idea is that the knowledge transferred from a training dataset to a DL model can be uniquely represented by the model's decision boundary. Therefore, we design a novel generation method that utilizes geometric consistency to find the samples supporting the decision boundary, which can serve as the proxy for the knowledge representation. We evaluate our method in three different cases: IP audit of training data, IP audit of DL models, and adversarial knowledge distillation. The experimental results show that our method can improve the performance of existing works in all cases, which confirms that our method can effectively represent the knowledge transferred from a training dataset to a DL model.
ISSN: 1556-6013, 1556-6021
DOI: 10.1109/TIFS.2023.3293418