International Joint Conference On Theoretical Computer Science – Frontier of Algorithmic Wisdom

August 15-19, 2022, City University of Hong Kong, Hong Kong

 

Invited Speakers

Machine Learning and Formal Method


Copy, Right? A Testing Framework for Copyright Protection of Deep Learning Models

Jingyi Wang

Zhejiang University

Abstract:
Deep learning models, especially large-scale and high-performance ones, can be very costly to train, demanding a considerable amount of data and computational resources. As a result, deep learning models have become one of the most valuable assets in modern artificial intelligence. Unauthorized duplication or reproduction of deep learning models can lead to copyright infringement and cause huge economic losses to model owners, calling for effective copyright protection techniques. In this talk, I will present a novel testing framework for deep learning copyright protection: DeepJudge. DeepJudge quantitatively tests the similarities between two deep learning models: a victim model and a suspect model. It leverages a diverse set of testing metrics and efficient test case generation algorithms to produce a chain of supporting evidence to help determine whether a suspect model is a copy of the victim model. Advantages of DeepJudge compared to traditional watermarking or fingerprinting work include: 1) non-invasive, as it works directly on the model and does not tamper with the training process; 2) efficient, as it only needs a small set of seed test cases and a quick scan of the two models; 3) flexible, i.e., it can easily incorporate new testing metrics or test case generation methods to obtain more confident and robust judgement; and 4) fairly robust to model extraction attacks and adaptive attacks. We verify the effectiveness of DeepJudge under three typical copyright infringement scenarios, including model finetuning, pruning and extraction, via extensive experiments on both image classification and speech recognition datasets with a variety of model architectures.

Bio:
Jingyi Wang is currently an Assistant Professor at Zhejiang University. Before that, he was a Research Fellow at the National University of Singapore. He received his B.E. and Ph.D. from Xi'an Jiaotong University and Singapore University of Technology and Design in 2013 and 2018, respectively. His research concerns how to better design, implement and analyze artificial intelligence (AI) systems and cyber-physical systems (CPS), such as autonomous driving cars, industrial control systems, and recommendation systems, supported by various software engineering (SE) techniques ranging from formal methods and program analysis to software testing. His research has been published in top conferences and journals such as ICSE, S&P, TSE, TACAS and FM. He has won ICSE's Distinguished Paper Award twice (ICSE 2018/2020). His ICSE 2020 AI Fairness Testing work has also been selected for ACM SIGSOFT Research Highlights.