Currently, deep neural networks (DNNs) are widely adopted in different applications. Despite their commercial value, training a well-performing DNN is resource-consuming. Accordingly, a well-trained model is valuable intellectual property for its owner. However, recent studies have revealed the threat of model stealing, where adversaries can obtain a functionally similar copy of the victim model even when they can only query the model. In this paper, we propose an effective and harmless model ownership verification (MOVE) to defend against different types of model stealing simultaneously, without introducing new security risks. In general, we conduct the ownership verification by verifying whether a suspicious model contains the knowledge of defender-specified external features. Specifically, we embed the external features by modifying a few training samples with style transfer. We then train a meta-classifier to determine whether a model is stolen from the victim. This approach is inspired by the understanding that stolen models should contain the knowledge of features learned by the victim model. In particular, we develop our MOVE method under both white-box and black-box settings and analyze its theoretical foundation to provide comprehensive model protection. Extensive experiments on benchmark datasets verify the effectiveness of our method and its resistance to potential adaptive attacks. The code for reproducing the main experiments of our method is available at https://github.com/THUYimingLi/MOVE.
DOI: http://dx.doi.org/10.1109/TPAMI.2025.3546223
IEEE Trans Pattern Anal Mach Intell
February 2025