Saved in:
Bibliographic Details
Main Authors: Abuadbba, Alsharif, Rhodes, Nicholas, Moore, Kristen, Sabir, Bushra, Wang, Shuo, Gao, Yansong
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2407.01260
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866914854450757632
author Abuadbba, Alsharif
Rhodes, Nicholas
Moore, Kristen
Sabir, Bushra
Wang, Shuo
Gao, Yansong
author_facet Abuadbba, Alsharif
Rhodes, Nicholas
Moore, Kristen
Sabir, Bushra
Wang, Shuo
Gao, Yansong
contents Deep learning solutions in critical domains like autonomous vehicles, facial recognition, and sentiment analysis require caution due to the severe consequences of errors. Research shows these models are vulnerable to adversarial attacks, such as data poisoning and neural trojaning, which can covertly manipulate model behavior, compromising reliability and safety. Current defense strategies like watermarking have limitations: they fail to detect all model modifications and primarily focus on attacks on CNNs in the image domain, neglecting other critical architectures like RNNs. To address these gaps, we introduce DeepiSign-G, a versatile watermarking approach designed for comprehensive verification of leading DNN architectures, including CNNs and RNNs. DeepiSign-G enhances model security by embedding an invisible watermark within the Walsh-Hadamard transform coefficients of the model's parameters. This watermark is highly sensitive and fragile, ensuring prompt detection of any modifications. Unlike traditional hashing techniques, DeepiSign-G allows substantial metadata incorporation directly within the model, enabling detailed, self-contained tracking and verification. We demonstrate DeepiSign-G's applicability across various architectures, including CNN models (VGG, ResNets, DenseNet) and RNNs (Text sentiment classifier). We experiment with four popular datasets: VGG Face, CIFAR10, GTSRB Traffic Sign, and Large Movie Review. We also evaluate DeepiSign-G under five potential attacks. Our comprehensive evaluation confirms that DeepiSign-G effectively detects these attacks without compromising CNN and RNN model performance, highlighting its efficacy as a robust security measure for deep learning applications. Detection of integrity breaches is nearly perfect, while hiding only a bit in approximately 1% of the Walsh-Hadamard coefficients.
format Preprint
id arxiv_https___arxiv_org_abs_2407_01260
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle DeepiSign-G: Generic Watermark to Stamp Hidden DNN Parameters for Self-contained Tracking
Abuadbba, Alsharif
Rhodes, Nicholas
Moore, Kristen
Sabir, Bushra
Wang, Shuo
Gao, Yansong
Cryptography and Security
Deep learning solutions in critical domains like autonomous vehicles, facial recognition, and sentiment analysis require caution due to the severe consequences of errors. Research shows these models are vulnerable to adversarial attacks, such as data poisoning and neural trojaning, which can covertly manipulate model behavior, compromising reliability and safety. Current defense strategies like watermarking have limitations: they fail to detect all model modifications and primarily focus on attacks on CNNs in the image domain, neglecting other critical architectures like RNNs. To address these gaps, we introduce DeepiSign-G, a versatile watermarking approach designed for comprehensive verification of leading DNN architectures, including CNNs and RNNs. DeepiSign-G enhances model security by embedding an invisible watermark within the Walsh-Hadamard transform coefficients of the model's parameters. This watermark is highly sensitive and fragile, ensuring prompt detection of any modifications. Unlike traditional hashing techniques, DeepiSign-G allows substantial metadata incorporation directly within the model, enabling detailed, self-contained tracking and verification. We demonstrate DeepiSign-G's applicability across various architectures, including CNN models (VGG, ResNets, DenseNet) and RNNs (Text sentiment classifier). We experiment with four popular datasets: VGG Face, CIFAR10, GTSRB Traffic Sign, and Large Movie Review. We also evaluate DeepiSign-G under five potential attacks. Our comprehensive evaluation confirms that DeepiSign-G effectively detects these attacks without compromising CNN and RNN model performance, highlighting its efficacy as a robust security measure for deep learning applications. Detection of integrity breaches is nearly perfect, while hiding only a bit in approximately 1% of the Walsh-Hadamard coefficients.
title DeepiSign-G: Generic Watermark to Stamp Hidden DNN Parameters for Self-contained Tracking
topic Cryptography and Security
url https://arxiv.org/abs/2407.01260