Robust Hashing for Neural Network Models via Heterogeneous Graph Representation

IF 3.2 2区 工程技术 Q2 ENGINEERING, ELECTRICAL & ELECTRONIC IEEE Signal Processing Letters Pub Date : 2024-09-20 DOI:10.1109/LSP.2024.3465898
Lin Huang;Yitong Tao;Chuan Qin;Xinpeng Zhang
{"title":"Robust Hashing for Neural Network Models via Heterogeneous Graph Representation","authors":"Lin Huang;Yitong Tao;Chuan Qin;Xinpeng Zhang","doi":"10.1109/LSP.2024.3465898","DOIUrl":null,"url":null,"abstract":"How to protect the intellectual property (IP) of neural network models has become a hot topic in current research. Model hashing as an important model protection scheme, which achieves model IP protection by extracting model feature-based, compact hash codes and calculating the hash distance between original and suspicious models. To realize model IP protection across platforms and environments, we propose a robust hashing scheme for neural network models via heterogeneous graph representation, which can effectively detect the illegal copy of neural network models and doesn't degrade the model performance. Specifically, we first convert the neural network model into a heterogeneous graph and analyze its node attribute data. Then, a graph embedding learning method is used to extract the feature vectors of the model based on different attribute data of graph nodes. Finally, the hash code that can be used for model copy detection is generated based on the designed hash networks with quantization and triplet losses. Experimental results show that our scheme not only exhibits satisfactory robustness to different types of robustness graph attacks but also achieves satisfactory performances of discrimination and generalizability.","PeriodicalId":13154,"journal":{"name":"IEEE Signal Processing Letters","volume":null,"pages":null},"PeriodicalIF":3.2000,"publicationDate":"2024-09-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Signal Processing Letters","FirstCategoryId":"5","ListUrlMain":"https://ieeexplore.ieee.org/document/10685122/","RegionNum":2,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"ENGINEERING, ELECTRICAL & ELECTRONIC","Score":null,"Total":0}
引用次数: 0

Abstract

How to protect the intellectual property (IP) of neural network models has become a hot topic in current research. Model hashing as an important model protection scheme, which achieves model IP protection by extracting model feature-based, compact hash codes and calculating the hash distance between original and suspicious models. To realize model IP protection across platforms and environments, we propose a robust hashing scheme for neural network models via heterogeneous graph representation, which can effectively detect the illegal copy of neural network models and doesn't degrade the model performance. Specifically, we first convert the neural network model into a heterogeneous graph and analyze its node attribute data. Then, a graph embedding learning method is used to extract the feature vectors of the model based on different attribute data of graph nodes. Finally, the hash code that can be used for model copy detection is generated based on the designed hash networks with quantization and triplet losses. Experimental results show that our scheme not only exhibits satisfactory robustness to different types of robustness graph attacks but also achieves satisfactory performances of discrimination and generalizability.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
通过异构图表示神经网络模型的鲁棒散列法
如何保护神经网络模型的知识产权(IP)已成为当前研究的热门话题。模型散列作为一种重要的模型保护方案,通过提取基于模型特征的紧凑型散列码,计算原始模型与可疑模型之间的散列距离,实现模型的知识产权保护。为实现跨平台、跨环境的模型知识产权保护,我们提出了一种通过异构图表示的神经网络模型鲁棒散列方案,该方案能有效检测神经网络模型的非法拷贝,且不会降低模型性能。具体来说,我们首先将神经网络模型转换为异构图,并分析其节点属性数据。然后,根据图节点的不同属性数据,使用图嵌入学习方法提取模型的特征向量。最后,根据设计的哈希网络生成可用于模型复制检测的哈希代码,并进行量化和三重损失。实验结果表明,我们的方案不仅对不同类型的鲁棒性图攻击具有令人满意的鲁棒性,而且在辨别力和泛化能力方面也取得了令人满意的表现。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
IEEE Signal Processing Letters
IEEE Signal Processing Letters 工程技术-工程:电子与电气
CiteScore
7.40
自引率
12.80%
发文量
339
审稿时长
2.8 months
期刊介绍: The IEEE Signal Processing Letters is a monthly, archival publication designed to provide rapid dissemination of original, cutting-edge ideas and timely, significant contributions in signal, image, speech, language and audio processing. Papers published in the Letters can be presented within one year of their appearance in signal processing conferences such as ICASSP, GlobalSIP and ICIP, and also in several workshop organized by the Signal Processing Society.
期刊最新文献
KFA: Keyword Feature Augmentation for Open Set Keyword Spotting RFI-Aware and Low-Cost Maximum Likelihood Imaging for High-Sensitivity Radio Telescopes Audio Mamba: Bidirectional State Space Model for Audio Representation Learning System-Informed Neural Network for Frequency Detection Order Estimation of Linear-Phase FIR Filters for DAC Equalization in Multiple Nyquist Bands
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1