DeepReg: A Trustworthy and Privacy-Friendly Ownership Regulatory Framework for Deep Learning Models

Well-trained deep learning (DL) models are widely recognized as valuable intellectual property (IP) and have been extensively adopted. However, concerns regarding IP infringement emerge when these models are either privately sold to end-users or publicly released online. Unauthorized activities, such as redistributing privately purchased models or exploiting restricted open-source models for commercial gain, pose a significant threat to the interests of model owners. In this paper, we introduce D eep R eg , a trustworthy and privacy-friendly regulatory framework designed to address IP infringement within the realm of DL models, thereby nurturing a healthier development ecosystem. D eep R eg enables a designated third-party regulator to extract the fingerprint of the original model within a Trusted Execution Environment, as well as to verify suspect models utilizing solely the predicted label without probability. Specifically, we leverage the uniqueness of feature extractors in DL models to craft multiple synthetic inputs for a selected real input. The real input, along with its synthetic inputs, establishes a one-to-many relationship, thereby creating a unique fingerprint for the original model. Furthermore, we propose two distinct methods for suspect detection and piracy judgment. These methods analyze the responses from the model API upon feeding the fingerprint, ensuring a high level of confidence while preventing malicious accusations. Experimental results demonstrate that D eep R eg achieves 100% detection accuracy for pirated models, with zero false positives for irrelevant models.