基于黑盒測試框架的深度學習模型版權保護方法
網絡安全與數據治理
屈詳顏1,2,于靜1,2,熊剛1,2,蓋珂珂3
1.中國科學院信息工程研究所,北京100085;2.中國科學院大學網絡空間安全學院,北京100049; 3.北京理工大學網絡空間安全學院,北京100081
摘要: 當前生成式人工智能技術迅速發展,深度學習模型作為關鍵技術資產的版權保護變得越發重要。現有模型版權保護方法一般采用確定性測試樣本生成算法,存在選擇效率低和對抗攻擊脆弱的問題。針對上述問題,提出了一種基于黑盒測試框架的深度學習模型版權保護方法。首先引入基于隨機性算法的樣本生成策略,有效提高了測試效率并降低了對抗攻擊的風險。此外針對黑盒場景,引入了新的測試指標和算法,增強了黑盒防御的能力,確保每個指標具有足夠的正交性。在實驗驗證方面,所提方法顯示出了高效的版權判斷準確性和可靠性,有效降低了高相關性指標的數量。
中圖分類號:TP181
文獻標識碼:ADOI:10.19358/j.issn.2097-1788.2023.12.001
引用格式:屈詳顏,于靜,熊剛,等.基于黑盒測試框架的深度學習模型版權保護方法[J].網絡安全與數據治理,2023,42(12):1-6,13.
文獻標識碼:ADOI:10.19358/j.issn.2097-1788.2023.12.001
引用格式:屈詳顏,于靜,熊剛,等.基于黑盒測試框架的深度學習模型版權保護方法[J].網絡安全與數據治理,2023,42(12):1-6,13.
Copyright protection for deep learning models utilizing a black box testing framework
Qu Xiangyan 1,2, Yu Jing1,2, Xiong Gang1,2, Gai Keke3
1 Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100085, China; 2 School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China; 3 School of Cyberspace Science and Technology, Beijing Institute of Technology, Beijing 100081, China
Abstract: With the rapid development of generative artificial intelligence technologies, the copyright protection of deep learning models has become increasingly important. Existing copyright protection methods generally adopt deterministic test sample generation algorithms, which suffer from inefficiencies in selection and vulnerabilities to adversarial attacks. To address these issues, we propose a copyright protection method for deep learning models based on a blackbox testing framework. This method introduces a sample generation strategy based on randomness algorithms, effectively improving test efficiency and reducing the risk of adversarial attacks. Additionally, new test metrics and algorithms are introduced for blackbox scenarios, enhancing the defensive capabilities of blackbox testing and ensuring each metric possesses sufficient orthogonality. In experimental validation, the proposed method demonstrates high efficiency in copyright judgment accuracy and reliability, effectively reducing the number of highly correlated indicators.
Key words : generative artificial intelligence; deep learning models; copyright protection; black box defense
引言
在當前生成式人工智能技術的迅猛發展推動下,深度學習模型的版權保護問題日益受到關注。深度學習模型,尤其是大規模和高性能的模型,因其昂貴的訓練成本,容易遭受未授權的復制或再現,導致版權侵犯和模型所有者的經濟損失[1-2]。傳統的版權保護方法大多依賴于水印技術[3-4],通過在模型中嵌入特定的水印來確認所有權。盡管這類方法可以提供確切的所有權驗證,但它們對原有模型具有侵入性,可能會影響模型性能或引入新的安全風險;并且這些方法對適應性攻擊和新興的模型提取攻擊的魯棒性不足[5-6]。
作者信息
屈詳顏1,2,于靜1,2,熊剛1,2,蓋珂珂3
(1 中國科學院信息工程研究所,北京100085;2 中國科學院大學網絡空間安全學院,北京100049;
3 北京理工大學網絡空間安全學院,北京100081)
文章下載地址:http://www.xxav2194.com/resource/share/2000005869
此內容為AET網站原創,未經授權禁止轉載。