通过异构图表示神经网络模型的鲁棒散列法

IF 3.2 2区 工程技术 Q2 ENGINEERING, ELECTRICAL & ELECTRONIC
Lin Huang;Yitong Tao;Chuan Qin;Xinpeng Zhang
{"title":"通过异构图表示神经网络模型的鲁棒散列法","authors":"Lin Huang;Yitong Tao;Chuan Qin;Xinpeng Zhang","doi":"10.1109/LSP.2024.3465898","DOIUrl":null,"url":null,"abstract":"How to protect the intellectual property (IP) of neural network models has become a hot topic in current research. Model hashing as an important model protection scheme, which achieves model IP protection by extracting model feature-based, compact hash codes and calculating the hash distance between original and suspicious models. To realize model IP protection across platforms and environments, we propose a robust hashing scheme for neural network models via heterogeneous graph representation, which can effectively detect the illegal copy of neural network models and doesn't degrade the model performance. Specifically, we first convert the neural network model into a heterogeneous graph and analyze its node attribute data. Then, a graph embedding learning method is used to extract the feature vectors of the model based on different attribute data of graph nodes. Finally, the hash code that can be used for model copy detection is generated based on the designed hash networks with quantization and triplet losses. Experimental results show that our scheme not only exhibits satisfactory robustness to different types of robustness graph attacks but also achieves satisfactory performances of discrimination and generalizability.","PeriodicalId":13154,"journal":{"name":"IEEE Signal Processing Letters","volume":null,"pages":null},"PeriodicalIF":3.2000,"publicationDate":"2024-09-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Robust Hashing for Neural Network Models via Heterogeneous Graph Representation\",\"authors\":\"Lin Huang;Yitong Tao;Chuan Qin;Xinpeng Zhang\",\"doi\":\"10.1109/LSP.2024.3465898\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"How to protect the intellectual property (IP) of neural network models has become a hot topic in current research. Model hashing as an important model protection scheme, which achieves model IP protection by extracting model feature-based, compact hash codes and calculating the hash distance between original and suspicious models. To realize model IP protection across platforms and environments, we propose a robust hashing scheme for neural network models via heterogeneous graph representation, which can effectively detect the illegal copy of neural network models and doesn't degrade the model performance. Specifically, we first convert the neural network model into a heterogeneous graph and analyze its node attribute data. Then, a graph embedding learning method is used to extract the feature vectors of the model based on different attribute data of graph nodes. Finally, the hash code that can be used for model copy detection is generated based on the designed hash networks with quantization and triplet losses. Experimental results show that our scheme not only exhibits satisfactory robustness to different types of robustness graph attacks but also achieves satisfactory performances of discrimination and generalizability.\",\"PeriodicalId\":13154,\"journal\":{\"name\":\"IEEE Signal Processing Letters\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":3.2000,\"publicationDate\":\"2024-09-20\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE Signal Processing Letters\",\"FirstCategoryId\":\"5\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/10685122/\",\"RegionNum\":2,\"RegionCategory\":\"工程技术\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"ENGINEERING, ELECTRICAL & ELECTRONIC\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Signal Processing Letters","FirstCategoryId":"5","ListUrlMain":"https://ieeexplore.ieee.org/document/10685122/","RegionNum":2,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"ENGINEERING, ELECTRICAL & ELECTRONIC","Score":null,"Total":0}
引用次数: 0

摘要

如何保护神经网络模型的知识产权(IP)已成为当前研究的热门话题。模型散列作为一种重要的模型保护方案,通过提取基于模型特征的紧凑型散列码,计算原始模型与可疑模型之间的散列距离,实现模型的知识产权保护。为实现跨平台、跨环境的模型知识产权保护,我们提出了一种通过异构图表示的神经网络模型鲁棒散列方案,该方案能有效检测神经网络模型的非法拷贝,且不会降低模型性能。具体来说,我们首先将神经网络模型转换为异构图,并分析其节点属性数据。然后,根据图节点的不同属性数据,使用图嵌入学习方法提取模型的特征向量。最后,根据设计的哈希网络生成可用于模型复制检测的哈希代码,并进行量化和三重损失。实验结果表明,我们的方案不仅对不同类型的鲁棒性图攻击具有令人满意的鲁棒性,而且在辨别力和泛化能力方面也取得了令人满意的表现。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Robust Hashing for Neural Network Models via Heterogeneous Graph Representation
How to protect the intellectual property (IP) of neural network models has become a hot topic in current research. Model hashing as an important model protection scheme, which achieves model IP protection by extracting model feature-based, compact hash codes and calculating the hash distance between original and suspicious models. To realize model IP protection across platforms and environments, we propose a robust hashing scheme for neural network models via heterogeneous graph representation, which can effectively detect the illegal copy of neural network models and doesn't degrade the model performance. Specifically, we first convert the neural network model into a heterogeneous graph and analyze its node attribute data. Then, a graph embedding learning method is used to extract the feature vectors of the model based on different attribute data of graph nodes. Finally, the hash code that can be used for model copy detection is generated based on the designed hash networks with quantization and triplet losses. Experimental results show that our scheme not only exhibits satisfactory robustness to different types of robustness graph attacks but also achieves satisfactory performances of discrimination and generalizability.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
IEEE Signal Processing Letters
IEEE Signal Processing Letters 工程技术-工程:电子与电气
CiteScore
7.40
自引率
12.80%
发文量
339
审稿时长
2.8 months
期刊介绍: The IEEE Signal Processing Letters is a monthly, archival publication designed to provide rapid dissemination of original, cutting-edge ideas and timely, significant contributions in signal, image, speech, language and audio processing. Papers published in the Letters can be presented within one year of their appearance in signal processing conferences such as ICASSP, GlobalSIP and ICIP, and also in several workshop organized by the Signal Processing Society.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信