Model Provenance via Model DNA

Xin Mu, Yu Wang, Yehong Zhang, Jiaqi Zhang, Hui Wang, Yang Xiang, Yue Yu

TL;DR

This work formalizes Model Provenance (MP) and introduces Model DNA as a compact representation combining training data and input-output behavior to identify whether a source model is the provenance of a target model. It presents MGMP, a framework with DNA generation, DNA similarity loss, and a provenance classifier that jointly optimizes representation learning and provenance prediction. Evaluations on CV and NLP benchmarks show MGMP can accurately distinguish homologous from non-homologous models and that the DNA generator module improves performance. The approach enables efficient auditing of model lineage and has implications for IP protection and secure model deployment.

Abstract

Understanding the life cycle of the machine learning (ML) model is an intriguing area of research (e.g., understanding where the model comes from, how it is trained, and how it is used). This paper focuses on a novel problem within this field, namely Model Provenance (MP), which concerns the relationship between a target model and its pre-training model and aims to determine whether a source model serves as the provenance for a target model. This is an important problem that has significant implications for ensuring the security and intellectual property of machine learning models but has not received much attention in the literature. To fill in this gap, we introduce a novel concept of Model DNA which represents the unique characteristics of a machine learning model. We utilize a data-driven and model-driven representation learning method to encode the model's training data and input-output information as a compact and comprehensive representation (i.e., DNA) of the model. Using this model DNA, we develop an efficient framework for model provenance identification, which enables us to identify whether a source model is a pre-training model of a target model. We conduct evaluations on both computer vision and natural language processing tasks using various models, datasets, and scenarios to demonstrate the effectiveness of our approach in accurately identifying model provenance.

Paper Structure (21 sections, 9 equations, 6 figures, 5 tables)

This paper contains 21 sections, 9 equations, 6 figures, 5 tables.

Figures (6)

  • Figure 1: ResNet18. (a) No replace layer. (b) Replace target model's last layer with source model. (c) Replace last two layers. (d) Replace last three layers. (e) Replace target model (random initialization)'s last three layers with source model.
  • Figure 2: The MGMP framework.
  • Figure 3: Similarity in DNA space.
  • Figure 4: The visualization of the DNA fragments of the source model (red), homologous target model (yellow), and non-homologous target model (blue).
  • Figure 5: AlexNet. (a) No replace layer. (b) Replace target model's last layer with source model. (c) Replace last two layers. (d) Replace last three layers. (e) Replace target model (random initialization)'s last three layers with source model.
  • ...and 1 more figures

Theorems & Definitions (1)

  • Definition 1