PCPT and ACPT: Copyright protection and traceability scheme for DNN models

IF 3.8 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications Pub Date : 2025-01-30 DOI:10.1016/j.jisa.2025.103980

Xuefeng Fan , Dahao Fu , Hangyu Gui , Xiaoyi Zhou

{"title":"PCPT and ACPT: Copyright protection and traceability scheme for DNN models","authors":"Xuefeng Fan , Dahao Fu , Hangyu Gui , Xiaoyi Zhou","doi":"10.1016/j.jisa.2025.103980","DOIUrl":null,"url":null,"abstract":"<div><div>Deep neural networks (DNNs) have achieved tremendous success in artificial intelligence (AI) fields. However, DNN models can be easily illegally copied, redistributed, or abused by criminals, seriously damaging the interests of model inventors. Therefore, establishing a copyright protection and traceability mechanism to identify authorized users of a leaked model represents a novel challenge driven by the demand for artificial intelligence services. Because the existing traceability mechanisms are used for models without watermarks, a small number of false-positives are generated. Existing black-box active protection schemes have loose authorization control and are vulnerable to forgery attacks. Therefore, based on the idea of black-box neural network watermarking with the video framing and image perceptual hash algorithm, a passive copyright protection and traceability framework PCPT is proposed that uses an additional class of DNN models, improving the existing traceability mechanism that yields a small number of false-positives. Based on an authorization control strategy and image perceptual hash algorithm, a DNN model active copyright protection and traceability framework ACPT is proposed. This framework uses the authorization control center constructed by the detector and verifier. This approach realizes stricter authorization control, which establishes a strong connection between users and model owners, improves the framework security, and supports traceability verification.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103980"},"PeriodicalIF":3.8000,"publicationDate":"2025-01-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Security and Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2214212625000183","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Deep neural networks (DNNs) have achieved tremendous success in artificial intelligence (AI) fields. However, DNN models can be easily illegally copied, redistributed, or abused by criminals, seriously damaging the interests of model inventors. Therefore, establishing a copyright protection and traceability mechanism to identify authorized users of a leaked model represents a novel challenge driven by the demand for artificial intelligence services. Because the existing traceability mechanisms are used for models without watermarks, a small number of false-positives are generated. Existing black-box active protection schemes have loose authorization control and are vulnerable to forgery attacks. Therefore, based on the idea of black-box neural network watermarking with the video framing and image perceptual hash algorithm, a passive copyright protection and traceability framework PCPT is proposed that uses an additional class of DNN models, improving the existing traceability mechanism that yields a small number of false-positives. Based on an authorization control strategy and image perceptual hash algorithm, a DNN model active copyright protection and traceability framework ACPT is proposed. This framework uses the authorization control center constructed by the detector and verifier. This approach realizes stricter authorization control, which establishes a strong connection between users and model owners, improves the framework security, and supports traceability verification.

查看原文本刊更多论文

PCPT和ACPT: DNN模型的版权保护和可追溯性方案

深度神经网络（dnn）在人工智能（AI）领域取得了巨大成功。然而，DNN模型很容易被不法分子非法复制、再分发或滥用，严重损害了模型发明者的利益。因此，在人工智能服务需求的驱动下，建立版权保护和可追溯机制来识别泄露模型的授权用户是一项新的挑战。由于现有的跟踪机制用于没有水印的模型，因此会产生少量的误报。现有的黑盒主动保护方案授权控制松散，容易受到伪造攻击。因此，基于基于视频分帧和图像感知哈希算法的黑盒神经网络水印思想，提出了一种被动版权保护和可追溯框架PCPT，该框架使用了额外的DNN模型，改进了现有的产生少量误报的可追溯机制。基于授权控制策略和图像感知哈希算法，提出了一种DNN模型主动版权保护和可追溯框架ACPT。该框架使用由检测器和验证者构建的授权控制中心。这种方法实现了更严格的授权控制，在用户和模型所有者之间建立了牢固的连接，提高了框架的安全性，并支持可追溯性验证。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Information Security and Applications Computer Science-Computer Networks and Communications

CiteScore

10.90

自引率

5.40%

发文量

206

审稿时长

56 days

期刊介绍： Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.