Proj No. | A2044-251 |
Title | Robust Deep Neural Networks Intellectual Property Protection Against Fine-tuning Attacks |
Summary | Pre-trained models have significantly advanced machine learning by providing high-quality feature representations, which are valuable intellectual property (IP) of model owners. While fine-tuning these models on smaller, task-specific datasets allows developers to expedite AI application development, it also poses IP risks. Adversaries might exploit this adaptability to broaden the model's applicability and expose proprietary information. To mitigate such threats, we consider the non-fine-tunable learning paradigm for deep learning network IP protection. This approach restrains the transferability of pre-trained models to unintended tasks while preserving their performance on original tasks. The non-fine-tunable learning problem can be formulated as a multi-objective optimization framework. It comprises two key components: 1. Fine-tuning suppression term: this component minimizes the model's performance in restricted domains, using feedback from simulated fine-tuning processes. 2. Original task reinforcement term: this component maximizes the model's performance on original tasks to maintain its intended functionality. By balancing these objectives, the model becomes resilient to unauthorized fine-tuning attempts, thereby safeguarding its IP while retaining efficacy in its original applications. In this project, the student is expected to have an interest in deep learning security and basic theoretical and practical knowledge of deep learning. The student could start by exploring and understanding deep learning networks and training algorithms. Then he/she will implement non-fine-tunable learning. Students who wish to work on this project are encouraged to contact the supervisor for more information before making the selection. |
Supervisor | Prof Chang Chip Hong (Loc:S2 > S2 B2C > S2 B2C 97, Ext: +65 67905873) |
Co-Supervisor | - |
RI Co-Supervisor | - |
Lab | VIRTUS, IC Design Centre of Excellence (Loc: S3.2-B2 Tel 6592 1844) |
Single/Group: | Single |
Area: | Digital Media Processing and Computer Engineering |
ISP/RI/SMP/SCP?: |