基于掩码矩阵的两阶段模型功能隐藏算法

doi:10.12677/mos.2025.144285

期刊菜单

基于掩码矩阵的两阶段模型功能隐藏算法
Mask Matrix-Based Two-Stage Model Function Hiding Algorithm

DOI: 10.12677/mos.2025.144285, PDF,
作者: 李朋朋, 黄霖, 韩彦芳：上海理工大学光电信息与计算机工程学院，上海
关键词: 深度神经网络；模型功能隐藏；掩码矩阵；分布统计损失；无损恢复；Deep Neural Network； Model Function Hiding； Mask Matrix； Distribution Statistical Loss； Lossless Recovery

摘要: 随着人工智能技术的快速发展，深度神经网络模型已成为重要的数字资产，保护其版权和隐蔽传输成为关键问题。传统的模型水印技术和主动保护方案虽然在一定程度上能够防止模型被盗用，但仍然存在隐蔽性差、性能下降等问题。为此，本文提出了一种基于掩码矩阵的两阶段模型功能隐藏算法，旨在解决深度神经网络模型在公共信道中的隐蔽传输问题。该方法通过两阶段的设计，能够在解码阶段对模型做到无损恢复。算法通过生成掩码矩阵隐藏秘密任务，同时引入参数统计损失约束，最小化掩码矩阵对模型参数分布的影响，提高传输过程中的隐蔽性。实验结果表明，提出方法在不同结构模型上都有优秀的表现，模型加密前后的KL散度平均值为0.0044，秘密任务恢复后的平均准确率可以达到93.08%。所提算法为DNN模型的安全隐蔽传输提供了有效的解决方案，具有广泛的应用前景。

Abstract: With the rapid development of artificial intelligence technology, deep neural network models have become important digital assets, making the protection of their copyright and secure transmission critical issues. Although traditional model watermarking techniques and active protection schemes can prevent model theft, they still face problems such as poor concealment and performance degradation. To address this, this paper proposes a two-stage model functionality hiding algorithm based on a mask matrix, aiming to solve the problem of secure transmission of deep neural network models over public channels. The proposed method enables lossless recovery of the model during the decoding stage through a two-stage design. The algorithm generates a mask matrix to hide the secret task while introducing a parameter statistical loss constraint to minimize the impact of the mask matrix on the model’s parameter distribution, thus improving the concealment during transmission. Experimental results show that the proposed method performs excellently across models with different architectures, with an average KL divergence of 0.0044 before and after model encryption, and the average accuracy of the recovered secret task reaches 93.08%. The proposed algorithm provides an effective solution for the secure and concealed transmission of DNN models, with broad application prospects.

文章引用：李朋朋, 黄霖, 韩彦芳. 基于掩码矩阵的两阶段模型功能隐藏算法[J]. 建模与仿真, 2025, 14(4): 272-282. https://doi.org/10.12677/mos.2025.144285

参考文献

[1]	Uchida, Y., Nagai, Y., Sakazawa, S. and Satoh, S. (2017) Embedding Watermarks into Deep Neural Networks. Proceedings of the 2017 ACM on International Conference on Multimedia Retrieval, Bucharest, 6-9 June 2017, 269-277. [Google Scholar] [CrossRef]
[2]	Guan, X., Feng, H., Zhang, W., Zhou, H., Zhang, J. and Yu, N. (2020) Reversible Watermarking in Deep Convolutional Neural Networks for Integrity Authentication. Proceedings of the 28th ACM International Conference on Multimedia, Seattle, 12-16 October 2020, 2273-2280. [Google Scholar] [CrossRef]
[3]	Adi, Y., Baum, C., Cisse, M., Pinkas, B. and Keshet, J. (2018) Turning Your Weakness into a Strength: Watermarking Deep Neural Networks by Backdooring. Proceedings of the 27th USENIX Conference on Security Symposium, Baltimore, 15-17 August 2018, 1615-1631.
[4]	Jia, H., Choquette-Choo, C., Chandrasekaran, V. and Papernot, N. (2021) Entangled Watermarks as a Defense against Model Extraction. Proceedings of the 2021 USENIX Conference on Security Symposium, Online, 11-13 August 2021, 1937-1954.
[5]	Xue, M., Wu, Z., Zhang, Y., Wang, J. and Liu, W. (2023) AdvParams: An Active DNN Intellectual Property Protection Technique via Adversarial Perturbation Based Parameter Encryption. IEEE Transactions on Emerging Topics in Computing, 11, 664-678. [Google Scholar] [CrossRef]
[6]	Wu, Y., Xue, M., Gu, D., Zhang, Y. and Liu, W. (2022) Sample-Specific Backdoor Based Active Intellectual Property Protection for Deep Neural Networks. 2022 IEEE 4th International Conference on Artificial Intelligence Circuits and Systems (AICAS), Incheon, 13-15 June 2022, 316-319. [Google Scholar] [CrossRef]
[7]	Kessler, G.C. and Hosmer, C. (2011) An Overview of Steganography. Advances in Computers, 83, 51-107. [Google Scholar] [CrossRef]
[8]	Cipolla, R., Gal, Y. and Kendall, A. (2018) Multi-Task Learning Using Uncertainty to Weigh Losses for Scene Geometry and Semantics. 2018 IEEE/CVF Conference on Computer Vision and Pattern Recognition, Salt Lake City, 18-23 June 2018, 7482-7491. [Google Scholar] [CrossRef]
[9]	Zhang, W., Li, L. and Barni, M. (2022) Covert Task Embedding: Turning a DNN into an Insider Agent Leaking Out Private Information. IEEE Transactions on Neural Networks and Learning Systems, 35, 10159-10166. [Google Scholar] [CrossRef]
[10]	Guo, Y., Qian, Z. and Zhang, X. (2022) Hiding Function with Neural Networks. 2022 IEEE 24th International Workshop on Multimedia Signal Processing (MMSP), Shanghai, 26-28 September 2022, 1-5. [Google Scholar] [CrossRef]
[11]	Guo, C., Wu, R. and Weinberger, K. (2020) On Hiding Neural Networks Inside Neural Networks. arXiv: 2002.10078. [Google Scholar] [CrossRef]
[12]	Li, G., Li, S., Li, M., Zhang, X. and Qian, Z. (2023) Steganography of Steganographic Networks. Proceedings of the AAAI Conference on Artificial Intelligence, 37, 5178-5186. [Google Scholar] [CrossRef]
[13]	Li, G., Li, S., Li, M., Qian, Z. and Zhang, X. (2023) Towards Deep Network Steganography: From Networks to Networks. arXiv: 2307.03444. [Google Scholar] [CrossRef]
[14]	He, K., Zhang, X., Ren, S. and Sun, J. (2016) Deep Residual Learning for Image Recognition. 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR), Las Vegas, 27-30 June 2016, 770-778. [Google Scholar] [CrossRef]
[15]	Simonyan, K. and Zisserman, A. (2015) Very Deep Convolutional Networks for Large-Scale Image Recognition. Proceedings of the 2015 International Conference on Learning Representations, San Diego, 7-9 May 2015, 1-14.
[16]	Huang, G., Liu, Z., Van Der Maaten, L. and Weinberger, K.Q. (2017) Densely Connected Convolutional Networks. 2017 IEEE Conference on Computer Vision and Pattern Recognition (CVPR), Honolulu, 21-26 July 2017, 2261-2269. [Google Scholar] [CrossRef]
[17]	Sandler, M., Howard, A., Zhu, M., Zhmoginov, A. and Chen, L. (2018) MobileNetV2: Inverted Residuals and Linear Bottlenecks. 2018 IEEE/CVF Conference on Computer Vision and Pattern Recognition, Salt Lake City, 18-23 June 2018, 4510-4520. [Google Scholar] [CrossRef]
[18]	Krizhevsky, A. (2009) Learning Multiple Layers of Features from Tiny Images. https://www.cs.toronto.edu/~kriz/learning-features-2009-TR.pdf
[19]	Xiao, H., Rasul, K. and Vollgraf, R. (2017) Fashion-MNIST: A Novel Image Dataset for Benchmarking Machine Learning Algorithms. arXiv: 1708.07747. [Google Scholar] [CrossRef]
[20]	Huang, Z., Shao, W., Wang, X., Lin, L. and Luo, P. (2021) Rethinking the Pruning Criteria for Convolutional Neural Network. Proceedings of the 35th International Conference on Neural Information Processing Systems, Online, 6-14 December 2021, 16305-16318.
[21]	Tian, J., Zhou, J. and Duan, J. (2021) Probabilistic Selective Encryption of Convolutional Neural Networks for Hierarchical Services. 2021 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), Nashville, 20-25 June 2021, 2205-2214. [Google Scholar] [CrossRef]

为你推荐

友情链接