December 2024
·
6 Reads
Cybersecurity
Efforts have been made to safeguard DNNs from intellectual property infringement. Among different techniques, model fingerprinting has gained popularity due to its ability to examine potential infringement without altering the model’s parameters. However, there is a concern regarding the vulnerability of previous model fingerprints to “ambiguity attacks,” where attackers may use fabricated fingerprints to bypass ownership verification, potentially leading to disputes. To address this issue, we propose a dual-verification-based fingerprint authentication system that incorporates the verification of fingerprint genuineness. Briefly, this system involves two authentication processes: conventional fingerprint methods for authenticating model copyrights and the incorporation of copyright information into the fingerprint feature map to confirm ownership of the model fingerprint. Extensive experiments have been conducted to demonstrate the effectiveness of our approach in resisting ambiguity attacks and managing attempts to remove the fingerprint.