Rethinking the Fragility and Robustness of Fingerprints of Deep Neural Networks

May 24, 2025· · 0 min read

PDF Cite DOI

Abstract

Fingerprints characterize deep neural networks that are deployed as black-boxes. To achieve copyright tracing and integrity verification, fingerprints are categorized into robust fingerprints and fragile fingerprints. Despite of their distinct motivations, we show that both kinds of neural network fingerprints can be evaluated under a modification-scalable framework, which gives rise to a duality between their key metrics. These observations lead to a simultaneous scheme that reduces the cost of netural network intellectual property protection, with a controllable false negative rate. We implemented eleven representative families of modifications to evaluate fingerprints regarding both fragility and robustness, and verified the advantage of the simultaneous solution. Codes for reproducibility are available at .

Type

Conference paper

Publication

In IEEE International Conference on Acoustics, Speech and Signal Processing 2025

Last updated on May 24, 2025

← Enhancing Visual Forced Alignment with Local Context-Aware Feature Extraction and Multi-Task Learning May 24, 2025

Lip Feature Disentanglement for Visual Speaker Authentication in Natural Scenes May 27, 2024 →