PUF-Based Intellectual Property Protection for CNN Model

Dawei Li; Yangkun Ren; Di Liu; Zhenyu Guan; Qianyun Zhang; Yanzhao Wang; Jianwei Liu

doi:10.1007/978-3-031-10989-8_57

PUF-Based Intellectual Property Protection for CNN Model

Dawei Li
, Yangkun Ren
, Di Liu
, Zhenyu Guan^*
, Qianyun Zhang
, Yanzhao Wang
, Jianwei Liu

^*此作品的通讯作者

网络空间安全学院

Beihang University
Ltd.

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

7 引用（Scopus）

摘要

It usually takes a lot of time and resources to train a high-accurate Machine Learning model, so it is believed that the trainer owns the Intellectual Property (IP) of the model. With the help of various computing accelerators, a Machine Learning model can run on FPGAs, and model providers render services by selling FPGAs with models embedded. Unauthorized copying of the model infringes the owner’s copyrights, so there is an urgent need for the effective protection of model IP. In this paper, we propose a Physical Unclonable Function (PUF) based CNN model IP protection scheme. Before selling the model, the model providers confuse the parameters of the model with the response of a PUF, then embed the confused model into the FPGA where the PUF is. In this way, the protected model can get correct results only if running on the specific FPGA. Experimental results show that the performance difference between the confused model and the original model is negligible, and it is difficult for the adversary to get the correct parameters. Our approach effectively protects the IP of the model by restricting the model to only run on the specified FPGA and is easily extended to other models with convolutional layers and linear fully connected layers.

源语言	英语
主期刊名	Knowledge Science, Engineering and Management - 15th International Conference, KSEM 2022, Proceedings
编辑	Gerard Memmi, Baijian Yang, Linghe Kong, Tianwei Zhang, Meikang Qiu
出版商	Springer Science and Business Media Deutschland GmbH
页	722-733
页数	12
ISBN（印刷版）	9783031109881
DOI	https://doi.org/10.1007/978-3-031-10989-8_57
出版状态	已出版 - 2022
活动	15th International Conference on Knowledge Science, Engineering and Management, KSEM 2022 - Singapore, 新加坡期限: 6 8月 2022 → 8 8月 2022

出版系列

姓名	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
卷	13370 LNAI
ISSN（印刷版）	0302-9743
ISSN（电子版）	1611-3349

会议

会议	15th International Conference on Knowledge Science, Engineering and Management, KSEM 2022
国家/地区	新加坡
市	Singapore
时期	6/08/22 → 8/08/22

访问文件

10.1007/978-3-031-10989-8_57

其它文件与链接

链接到 Scopus 的出版物

引用此

Li, D., Ren, Y., Liu, D., Guan, Z., Zhang, Q., Wang, Y., & Liu, J. (2022). PUF-Based Intellectual Property Protection for CNN Model. 在 G. Memmi, B. Yang, L. Kong, T. Zhang, & M. Qiu (编辑), Knowledge Science, Engineering and Management - 15th International Conference, KSEM 2022, Proceedings (页码 722-733). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); 卷 13370 LNAI). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-10989-8_57

Li, Dawei ; Ren, Yangkun ; Liu, Di 等. / PUF-Based Intellectual Property Protection for CNN Model. Knowledge Science, Engineering and Management - 15th International Conference, KSEM 2022, Proceedings. 编辑 / Gerard Memmi ; Baijian Yang ; Linghe Kong ; Tianwei Zhang ; Meikang Qiu. Springer Science and Business Media Deutschland GmbH, 2022. 页码 722-733 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{573341d10a244d25b5ee6a046cf74dbc,

title = "PUF-Based Intellectual Property Protection for CNN Model",

abstract = "It usually takes a lot of time and resources to train a high-accurate Machine Learning model, so it is believed that the trainer owns the Intellectual Property (IP) of the model. With the help of various computing accelerators, a Machine Learning model can run on FPGAs, and model providers render services by selling FPGAs with models embedded. Unauthorized copying of the model infringes the owner{\textquoteright}s copyrights, so there is an urgent need for the effective protection of model IP. In this paper, we propose a Physical Unclonable Function (PUF) based CNN model IP protection scheme. Before selling the model, the model providers confuse the parameters of the model with the response of a PUF, then embed the confused model into the FPGA where the PUF is. In this way, the protected model can get correct results only if running on the specific FPGA. Experimental results show that the performance difference between the confused model and the original model is negligible, and it is difficult for the adversary to get the correct parameters. Our approach effectively protects the IP of the model by restricting the model to only run on the specified FPGA and is easily extended to other models with convolutional layers and linear fully connected layers.",

keywords = "CNN, FPGA, IP protection, Machine learning, PUF",

author = "Dawei Li and Yangkun Ren and Di Liu and Zhenyu Guan and Qianyun Zhang and Yanzhao Wang and Jianwei Liu",

note = "Publisher Copyright: {\textcopyright} 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.; 15th International Conference on Knowledge Science, Engineering and Management, KSEM 2022 ; Conference date: 06-08-2022 Through 08-08-2022",

year = "2022",

doi = "10.1007/978-3-031-10989-8\_57",

language = "英语",

isbn = "9783031109881",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "722--733",

editor = "Gerard Memmi and Baijian Yang and Linghe Kong and Tianwei Zhang and Meikang Qiu",

booktitle = "Knowledge Science, Engineering and Management - 15th International Conference, KSEM 2022, Proceedings",

address = "德国",

}

Li, D, Ren, Y, Liu, D, Guan, Z , Zhang, Q, Wang, Y & Liu, J 2022, PUF-Based Intellectual Property Protection for CNN Model. 在 G Memmi, B Yang, L Kong, T Zhang & M Qiu (编辑), Knowledge Science, Engineering and Management - 15th International Conference, KSEM 2022, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 卷 13370 LNAI, Springer Science and Business Media Deutschland GmbH, 页码 722-733, 15th International Conference on Knowledge Science, Engineering and Management, KSEM 2022, Singapore, 新加坡, 6/08/22. https://doi.org/10.1007/978-3-031-10989-8_57

PUF-Based Intellectual Property Protection for CNN Model. / Li, Dawei; Ren, Yangkun; Liu, Di 等.
Knowledge Science, Engineering and Management - 15th International Conference, KSEM 2022, Proceedings. 编辑 / Gerard Memmi; Baijian Yang; Linghe Kong; Tianwei Zhang; Meikang Qiu. Springer Science and Business Media Deutschland GmbH, 2022. 页码 722-733 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); 卷 13370 LNAI).

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

TY - GEN

T1 - PUF-Based Intellectual Property Protection for CNN Model

AU - Li, Dawei

AU - Ren, Yangkun

AU - Liu, Di

AU - Guan, Zhenyu

AU - Zhang, Qianyun

AU - Wang, Yanzhao

AU - Liu, Jianwei

PY - 2022

Y1 - 2022

N2 - It usually takes a lot of time and resources to train a high-accurate Machine Learning model, so it is believed that the trainer owns the Intellectual Property (IP) of the model. With the help of various computing accelerators, a Machine Learning model can run on FPGAs, and model providers render services by selling FPGAs with models embedded. Unauthorized copying of the model infringes the owner’s copyrights, so there is an urgent need for the effective protection of model IP. In this paper, we propose a Physical Unclonable Function (PUF) based CNN model IP protection scheme. Before selling the model, the model providers confuse the parameters of the model with the response of a PUF, then embed the confused model into the FPGA where the PUF is. In this way, the protected model can get correct results only if running on the specific FPGA. Experimental results show that the performance difference between the confused model and the original model is negligible, and it is difficult for the adversary to get the correct parameters. Our approach effectively protects the IP of the model by restricting the model to only run on the specified FPGA and is easily extended to other models with convolutional layers and linear fully connected layers.

AB - It usually takes a lot of time and resources to train a high-accurate Machine Learning model, so it is believed that the trainer owns the Intellectual Property (IP) of the model. With the help of various computing accelerators, a Machine Learning model can run on FPGAs, and model providers render services by selling FPGAs with models embedded. Unauthorized copying of the model infringes the owner’s copyrights, so there is an urgent need for the effective protection of model IP. In this paper, we propose a Physical Unclonable Function (PUF) based CNN model IP protection scheme. Before selling the model, the model providers confuse the parameters of the model with the response of a PUF, then embed the confused model into the FPGA where the PUF is. In this way, the protected model can get correct results only if running on the specific FPGA. Experimental results show that the performance difference between the confused model and the original model is negligible, and it is difficult for the adversary to get the correct parameters. Our approach effectively protects the IP of the model by restricting the model to only run on the specified FPGA and is easily extended to other models with convolutional layers and linear fully connected layers.

KW - CNN

KW - FPGA

KW - IP protection

KW - Machine learning

KW - PUF

UR - https://www.scopus.com/pages/publications/85135038361

U2 - 10.1007/978-3-031-10989-8_57

DO - 10.1007/978-3-031-10989-8_57

M3 - 会议稿件

AN - SCOPUS:85135038361

SN - 9783031109881

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 722

EP - 733

BT - Knowledge Science, Engineering and Management - 15th International Conference, KSEM 2022, Proceedings

A2 - Memmi, Gerard

A2 - Yang, Baijian

A2 - Kong, Linghe

A2 - Zhang, Tianwei

A2 - Qiu, Meikang

PB - Springer Science and Business Media Deutschland GmbH

T2 - 15th International Conference on Knowledge Science, Engineering and Management, KSEM 2022

Y2 - 6 August 2022 through 8 August 2022

ER -

Li D, Ren Y, Liu D, Guan Z , Zhang Q, Wang Y 等. PUF-Based Intellectual Property Protection for CNN Model. 在 Memmi G, Yang B, Kong L, Zhang T, Qiu M, 编辑, Knowledge Science, Engineering and Management - 15th International Conference, KSEM 2022, Proceedings. Springer Science and Business Media Deutschland GmbH. 2022. 页码 722-733. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-10989-8_57

PUF-Based Intellectual Property Protection for CNN Model

摘要

出版系列

会议

访问文件

其它文件与链接

指纹

引用此