FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W4360764263> ?p ?o ?g. }

• W4360764263 abstract "A deep neural network (DNN) classifier is often viewed as the intellectual property of a model owner due to the huge resources required to train it. To protect intellectual property, the model owner can embed a watermark into the DNN classifier (called target classifier) such that it outputs pre-determined labels (called trigger labels) for pre-determined inputs (called trigger inputs). Given the black-box access to a suspect classifier, the model owner can verify whether the suspect classifier is pirated version of its classifier by first querying the suspect classifier for trigger inputs and then checking whether the predicted labels match with the trigger labels. Many studies showed that an attacker can pirate the target classifier (called pirated classifier) via retraining or fine-tuning the target classifier to remove its watermark. However, they sacrifice the accuracy of the pirated classifier, which is undesired for critical applications such as finance and healthcare. In our work, we propose a new attack without sacrificing the accuracy of the pirated classifier for in-distribution testing inputs while preventing the detection from the model owner. Our idea is that an attacker can detect the trigger inputs in the inference stage of the pirated classifier. In particular, given a testing input, we let the pirated classifier return a random label if the input is detected as a trigger input. Otherwise, the pirated classifier predicts the same label as the target classifier. We evaluate our attack on benchmark datasets and find that our attack can effectively identify the trigger inputs. Our attack reveals that the intellectual property of a model owner can be violated with existing watermarking techniques, highlighting the need for new techniques." @default.
• W4360764263 created "2023-03-25" @default.
• W4360764263 creator A5009102659 @default.
• W4360764263 creator A5012321364 @default.
• W4360764263 creator A5040322825 @default.
• W4360764263 creator A5049191318 @default.
• W4360764263 creator A5081399408 @default.
• W4360764263 creator A5087464080 @default.
• W4360764263 date "2022-12-01" @default.
• W4360764263 modified "2023-09-23" @default.
• W4360764263 title "Deep Neural Network Piration without Accuracy Loss" @default.
• W4360764263 cites W2604319603 @default.
• W4360764263 cites W2768064608 @default.
• W4360764263 cites W2806082141 @default.
• W4360764263 cites W2937447982 @default.
• W4360764263 cites W2990980946 @default.
• W4360764263 cites W3102111060 @default.
• W4360764263 cites W3105676597 @default.
• W4360764263 cites W3173775589 @default.
• W4360764263 cites W3179479348 @default.
• W4360764263 doi "https://doi.org/10.1109/icmla55696.2022.00172" @default.
• W4360764263 hasPublicationYear "2022" @default.
• W4360764263 type Work @default.
• W4360764263 citedByCount "0" @default.
• W4360764263 crossrefType "proceedings-article" @default.
• W4360764263 hasAuthorship W4360764263A5009102659 @default.
• W4360764263 hasAuthorship W4360764263A5012321364 @default.
• W4360764263 hasAuthorship W4360764263A5040322825 @default.
• W4360764263 hasAuthorship W4360764263A5049191318 @default.
• W4360764263 hasAuthorship W4360764263A5081399408 @default.
• W4360764263 hasAuthorship W4360764263A5087464080 @default.
• W4360764263 hasConcept C119857082 @default.
• W4360764263 hasConcept C153180895 @default.
• W4360764263 hasConcept C154945302 @default.
• W4360764263 hasConcept C164112704 @default.
• W4360764263 hasConcept C173102733 @default.
• W4360764263 hasConcept C17744445 @default.
• W4360764263 hasConcept C199539241 @default.
• W4360764263 hasConcept C2776214188 @default.
• W4360764263 hasConcept C2778223634 @default.
• W4360764263 hasConcept C41008148 @default.
• W4360764263 hasConcept C41608201 @default.
• W4360764263 hasConcept C50644808 @default.
• W4360764263 hasConcept C52620605 @default.
• W4360764263 hasConcept C95623464 @default.
• W4360764263 hasConceptScore W4360764263C119857082 @default.
• W4360764263 hasConceptScore W4360764263C153180895 @default.
• W4360764263 hasConceptScore W4360764263C154945302 @default.
• W4360764263 hasConceptScore W4360764263C164112704 @default.
• W4360764263 hasConceptScore W4360764263C173102733 @default.
• W4360764263 hasConceptScore W4360764263C17744445 @default.
• W4360764263 hasConceptScore W4360764263C199539241 @default.
• W4360764263 hasConceptScore W4360764263C2776214188 @default.
• W4360764263 hasConceptScore W4360764263C2778223634 @default.
• W4360764263 hasConceptScore W4360764263C41008148 @default.
• W4360764263 hasConceptScore W4360764263C41608201 @default.
• W4360764263 hasConceptScore W4360764263C50644808 @default.
• W4360764263 hasConceptScore W4360764263C52620605 @default.
• W4360764263 hasConceptScore W4360764263C95623464 @default.
• W4360764263 hasLocation W43607642631 @default.
• W4360764263 hasOpenAccess W4360764263 @default.
• W4360764263 hasPrimaryLocation W43607642631 @default.
• W4360764263 hasRelatedWork W136498147 @default.
• W4360764263 hasRelatedWork W2052818405 @default.
• W4360764263 hasRelatedWork W2070948731 @default.
• W4360764263 hasRelatedWork W2112112609 @default.
• W4360764263 hasRelatedWork W2120008580 @default.
• W4360764263 hasRelatedWork W2149078746 @default.
• W4360764263 hasRelatedWork W2377596477 @default.
• W4360764263 hasRelatedWork W4221015625 @default.
• W4360764263 hasRelatedWork W1822914510 @default.
• W4360764263 hasRelatedWork W3139983161 @default.
• W4360764263 isParatext "false" @default.
• W4360764263 isRetracted "false" @default.
• W4360764263 workType "article" @default.