Project 39: Watermarking Deep Learning Models with Differentially Privacy-Preserving Penetrative Backdoors
Contact Information:
Prof. Yue Wu
Email: wuyue@sjtu.edu.cn
Prof. Shilin Wang
Email: wsl@sjtu.edu.cn
Project Description and Objectives:
Watermarking deep learning models is the basic method for ownership verification (OV) and intellectual property regulation. Backdoor-based watermarking is a promising option in the black-box OV scenario, yet its feasibility relies on the backdoor's power, especially its ability to penetrate adversarial filtering. Although efforts have been devoted to designing penetrative backdoors, they either lack provable value or leak substantial knowledge about the author's data, which violates data privacy. Differential privacy has been considered a plausible definition of privacy; this project aims to combine these two elements to make black-box deep learning model watermarking applicable with privacy-preserving backdoors that have penetrative ability.
Eligibility Requirements:
Elementary knowledge of machine learning, deep learning, and statistics.
Main Tasks:
Review literature on deep learning model watermarking and differential privacy.
Design a prototype of a differential-privacy-preserving backdoor for watermarking.
Website:
Lab: http://nelcat.sjtu.edu.cn/
School: http://infosec.sjtu.edu.cn