Authority Backdoor: A Certifiable Backdoor Mechanism for Authoring DNNs

Authors

  • Han Yang Southeast University
  • Shaofeng Li Southeast University
  • Tian Dong University of Hong Kong
  • Xiangyu Xu Southeast University
  • Guangchi Liu Southeast University
  • Zhen Ling Southeast University

DOI:

https://doi.org/10.1609/aaai.v40i2.37117

Abstract

Deep Neural Networks (DNNs), as valuable intellectual property, face unauthorized use. Existing protections, such as digital watermarking, are largely passive; they provide only post-hoc ownership verification and cannot actively prevent the illicit use of a stolen model. This work proposes a proactive protection scheme, dubbed ``Authority Backdoor," which embeds access constraints directly into the model. In particular, the scheme utilizes a backdoor learning framework to intrinsically lock a model's utility, such that it performs normally only in the presence of a specific trigger (e.g., a hardware fingerprint). But in its absence, the DNN's performance degrades to be useless. To further enhance the security of the proposed authority scheme, the certifiable robustness is integrated to prevent an adaptive attacker from removing the implanted backdoor. The resulting framework establishes a secure authority mechanism for DNNs, combining access control with certifiable robustness against adversarial attacks. Extensive experiments on diverse architectures and datasets validate the effectiveness and certifiable robustness of the proposed framework.
AAAI-26 / IAAI-26 / EAAI-26 Proceedings Cover

Downloads

Published

2026-03-14

How to Cite

Yang, H., Li, S., Dong, T., Xu, X., Liu, G., & Ling, Z. (2026). Authority Backdoor: A Certifiable Backdoor Mechanism for Authoring DNNs. Proceedings of the AAAI Conference on Artificial Intelligence, 40(2), 1426–1434. https://doi.org/10.1609/aaai.v40i2.37117

Issue

Vol. 40 No. 2: AAAI-26 Technical Tracks 2

Section

AAAI Technical Track on Application Domains II