Model reuse techniques can reduce the resource requirements for training high-performance deep neural networks (DNNs) by leveraging existing models. However, unauthorized reuse and replication of DNNs can lead to copyright infringement and economic loss to the model owner. This underscores the need to analyze the reuse relation between DNNs and develop copyright protection techniques to safeguard intellectual property rights. Existing white-box testing-based approaches cannot address the common heterogeneous reuse case where the model architecture is changed, and DNN fingerprinting approaches heavily rely on generating adversarial examples with good transferability, which is known to be challenging in the black-box setting. To bridge the gap, we propose NFARD, a Neuron Functionality Analysis-based Reuse Detector, which only requires normal test samples to detect reuse relations by measuring the models' differences on a newly proposed model characterization, i.e., neuron functionality (NF). A set of NF-based distance metrics is designed to make NFARD applicable to both white-box and black-box settings. Moreover, we devise a linear transformation method to handle heterogeneous reuse cases by constructing the optimal projection matrix for dimension consistency, significantly extending the application scope of NFARD. To the best of our knowledge, this is the first adversarial example-free method that exploits neuron functionality for DNN copyright protection. As a side contribution, we constructed a reuse detection benchmark named Reuse Zoo that covers various practical reuse techniques and popular datasets. Extensive evaluations on this comprehensive benchmark show that NFARD achieves F1 scores of 0.984 and 1.0 for detecting reuse relationships in black-box and white-box settings, respectively, while generating test suites 2 ~ 99 times faster than previous methods.

翻译：模型重用技术能够通过利用现有模型来降低训练高性能深度神经网络（DNN）的资源需求。然而，未经授权的DNN重用与复制可能导致版权侵权，给模型所有者带来经济损失。这凸显了分析DNN间重用关系并开发版权保护技术以保障知识产权的必要性。现有的基于白盒测试的方法无法应对模型架构被改变的常见异构重用场景，而DNN指纹识别方法则严重依赖生成具有良好可迁移性的对抗示例，这在黑盒设置中已知具有挑战性。为弥补这一差距，我们提出了NFARD，一种基于神经元功能分析的重用检测器，它仅需正常测试样本，通过衡量模型在新提出的模型表征——即神经元功能（NF）上的差异来检测重用关系。我们设计了一套基于NF的距离度量，使NFARD同时适用于白盒与黑盒设置。此外，我们设计了一种线性变换方法，通过构建最优投影矩阵以实现维度一致性，从而处理异构重用案例，显著扩展了NFARD的应用范围。据我们所知，这是首个利用神经元功能进行DNN版权保护且无需对抗示例的方法。作为一项附带贡献，我们构建了一个名为Reuse Zoo的重用检测基准，涵盖了多种实用重用技术和流行数据集。在此综合基准上的广泛评估表明，NFARD在检测黑盒与白盒设置中的重用关系时，分别达到了0.984和1.0的F1分数，同时生成测试套件的速度比先前方法快2至99倍。