MEA-Defender: A Robust Watermark against Model Extraction Attack

Peizhuo Lv, Hualong Ma, Kai Chen, Jiachen Zhou, Shengzhi Zhang, Ruigang Liang

IEEE Symposium on Security and Privacy 2024 · Day 2 · Continental Ballroom 5

In an era where artificial intelligence models represent significant intellectual property and competitive advantage, protecting these valuable assets from unauthorized duplication and misuse has become a paramount concern. This talk, presented by Peizhuo Lv and co-authors from Transac D Senses at IEEE S&P, introduces MEA-Defender, a novel and robust **watermarking** technique designed to safeguard deep learning models against sophisticated **model extraction attacks**. Such attacks let an adversary obtain a functional copy of a proprietary model merely by querying it, and they pose a severe threat to the economic viability and security of AI services.

AI review

This work introduces MEA-Defender, a groundbreaking watermarking technique employing an Asymptotic Backdoor (AstBD) to protect deep learning models from extraction attacks. Its strength lies in crafting watermarks that are distribution-aligned with the model's primary task, making them exceptionally robust against removal and significantly degrading the utility of stolen models. This is a critical advancement for AI intellectual property protection.
