Trained Deep Neural Network (DNN) models are considered valuable Intellectual Properties (IP) in several business models. Prevention of IP theft and unauthorized usage of such DNN models has been raised as of significant concern by industry. In this paper, we address the problem of preventing unauthorized usage of DNN models by proposing a generic and lightweight key-based model-locking scheme, which ensures that a locked model functions correctly only upon applying the correct secret key. The proposed scheme, known as Deep-Lock, utilizes S-Boxes with good security properties to encrypt each parameter of a trained DNN model with secret keys generated from a master key via a key scheduling algorithm. The resulting dense network of encrypted weights is found robust against model fine-tuning attacks. Finally, Deep-Lock does not require any intervention in the structure and training of the DNN models, making it applicable for all existing software and hardware implementations of DNN.

翻译：训练后的深度神经网络模型在多种商业模式中被视为具有高价值的知识产权。工业界对防止此类模型的知识产权盗用及未授权使用问题日益关注。本文提出一种通用且轻量级的基于密钥的模型锁定方案，通过确保锁定后的模型仅在输入正确密钥时才能正常运行，从而解决深度神经网络模型的未授权使用问题。所提出的方案称为Deep-Lock，利用具有良好安全特性的S盒，通过密钥调度算法从主密钥生成秘密密钥，对训练后深度神经网络模型的每个参数进行加密。实验表明，这种加密权重的密集网络对模型微调攻击具有鲁棒性。最后，Deep-Lock无需干预深度神经网络模型的结构与训练过程，因此可适用于所有现存的软件和硬件深度学习实现方案。