Find the Lady: Permutation and Re-synchronization of Deep Neural Networks
DOI:
https://doi.org/10.1609/aaai.v38i19.30091Keywords:
GeneralAbstract
Deep neural networks are characterized by multiple symmetrical, equi-loss solutions that are redundant. Thus, the order of neurons in a layer and feature maps can be given arbitrary permutations, without affecting (or minimally affecting) their output. If we shuffle these neurons, or if we apply to them some perturbations (like fine-tuning) can we put them back in the original order i.e. re-synchronize? Is there a possible corruption threat? Answering these questions is important for applications like neural network white-box watermarking for ownership tracking and integrity verification. We advance a method to re-synchronize the order of permuted neurons. Our method is also effective if neurons are further altered by parameter pruning, quantization, and fine-tuning, showing robustness to integrity attacks. Additionally, we provide theoretical and practical evidence for the usual means to corrupt the integrity of the model, resulting in a solution to counter it. We test our approach on popular computer vision datasets and models, and we illustrate the threat and our countermeasure on a popular white-box watermarking method.
Downloads
Published
2024-03-24
How to Cite
De Sousa Trias, C., Mitrea, M. P., Fiandrotti, A., Cagnazzo, M., Chaudhuri, S., & Tartaglione, E. (2024). Find the Lady: Permutation and Re-synchronization of Deep Neural Networks. Proceedings of the AAAI Conference on Artificial Intelligence, 38(19), 21001-21009. https://doi.org/10.1609/aaai.v38i19.30091
Issue
Section
AAAI Technical Track on Safe, Robust and Responsible AI Track
