Skip to content

ZJZAC/Passport-aware-Normalization

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits

3d_point_cls

3d_point_cls

 
 

Image_cls

Image_cls

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

passport_aware.png

passport_aware.png

 
 

Repository files navigation

Passport-aware Normalization

This repo is implementation for the accepted paper "Passport-aware Normalization for Deep Model Protection" (paper,NeurIPS 2020).

Figure 1: Illustration of the proposed passport-aware normalization.

The proposed Passport-aware Normalization is effective in both image and 3D point recognition models and robust against different attacks, such as fine-tuning, model pruning and ambiguity attacks.

Image Classification

In this task, we mainly refer to the settings mentioned in the baseline method "Rethinking Deep Neural Network Ownership Verification: Embedding Passports to Defeat Ambiguity Attacks" (Code | Paper).

How to run

Take AlexNet on CIFAR10 dataset as example, which is running on default arguments.

## cd Image_cls/Ours

Train a model with passport-aware normalization and triggers

python train_v23.py -tb

Run Attacks

## Fine-tuning 
python train_v23.py -tb -tf

## Model pruning
python prun_v3.py

## Ambiguity attack I
python amb_attack_v3.py --type fake2

## Ambiguity attack II (10% flipped sign)
python amb_attack_v3.py --type fake3s  --flipperc 0.1

Experiment settings can be modified in ./experiments/classification_private.py

Details about Passpor-aware Normalization can be found in ./models/layers/passportconv2d_private.py

3D Point Clouds Classification

How to run

Take PointNet on ModelNet dataset as example:

## cd 3d_point_cls

Train a model with passport-aware normalization and triggers

python train_3_cls.py

Run Attacks

## Fine-tuning 
python fine_tune2.py

## Model pruning
python prun3.py

## Ambiguity attack I
python amb_attack.py --type fake2

## Ambiguity attack II (10% flipped sign)
python amb_attack.py --type fake3s  --flipperc 0.1

Requirements

Python >= 3.6
Pytorch >= 1.1.0

Reference By

kamwoh/DeepIPR
yanx27/Pointnet_Pointnet2_pytorch

Acknowledgement

This work was supported in part by the NSFC Grant U1636201, 62002334 and 62072421, Exploration Fund Project of University of Science and Technology of China under Grant YD3480002001, and by Fundamental Research Funds for the Central Universities under Grant WK2100000011, and Hong Kong ECS grant 21209119, Hong Kong UGC. Gang Hua is partially supported by National Key R&D Program of China Grant 2018AAA0101400 and NSFC Grant 61629301.

Citation

If you find this work useful for your research, please cite

@inproceedings{Passport-aware Normalization,
  title={Passport-aware Normalization for Deep Model Protection},
  author={Jie Zhang, Dongdong Chen, Jing Liao, Weiming Zhang, Gang Hua, and  Nenghai Yu},
  booktitle={Advances in Neural Information Processing Systems (NeurIPS)},
  year={2020},
}

License and Copyright

The project is open source under MIT license (see the LICENSE file).

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

19 stars

Watchers

1 watching

Forks

6 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages