Deep neural networks (DNNs) have become valuable intellectual property of model owners, due to the substantial resources required for their development. To protect these assets in the deployed environment, recent research has proposed model usage control mechanisms to ensure models cannot be used without proper authorization. These methods typically lock the utility of the model by embedding an access key into its parameters. However, they often assume static deployment and largely fail to withstand continual post-deployment model updates, such as fine-tuning or task-specific adaptation. In this paper, we propose AdaLoc to endow key-based model usage control with adaptability during model evolution. It strategically selects a subset of weights as an intrinsic access key, so that all model updates can be confined to this key throughout the evolution lifecycle. AdaLoc enables using the access key to restore the keyed model to the latest authorized state without redistributing the entire network (i.e., adaptation), and frees the model owner from full re-keying after each model update (i.e., lock preservation). We establish a formal foundation to underpin AdaLoc, providing crucial bounds such as the error introduced by updates restricted to the access key. Experiments across six vision and language benchmarks and six modern architectures spanning CNNs and Transformers demonstrate that AdaLoc achieves high accuracy under significant updates while retaining robust protection. Specifically, authorized usage consistently achieves strong task-specific performance, while unauthorized usage accuracy drops to near-random-guessing levels (e.g., 1.02% on CIFAR-100), compared to up to 87.01% under prior key-based defenses. This shows that AdaLoc can offer a practical solution for adaptive and protected DNN deployment in evolving real-world scenarios.