5 research outputs found
MEA-Defender: A Robust Watermark against Model Extraction Attack
Recently, numerous highly-valuable Deep Neural Networks (DNNs) have been
trained using deep learning algorithms. To protect the Intellectual Property
(IP) of the original owners over such DNN models, backdoor-based watermarks
have been extensively studied. However, most of such watermarks fail upon model
extraction attack, which utilizes input samples to query the target model and
obtains the corresponding outputs, thus training a substitute model using such
input-output pairs. In this paper, we propose a novel watermark to protect IP
of DNN models against model extraction, named MEA-Defender. In particular, we
obtain the watermark by combining two samples from two source classes in the
input domain and design a watermark loss function that makes the output domain
of the watermark within that of the main task samples. Since both the input
domain and the output domain of our watermark are indispensable parts of those
of the main task samples, the watermark will be extracted into the stolen model
along with the main task during model extraction. We conduct extensive
experiments on four model extraction attacks, using five datasets and six
models trained based on supervised learning and self-supervised learning
algorithms. The experimental results demonstrate that MEA-Defender is highly
robust against different model extraction attacks, and various watermark
removal/detection approaches.
Comment: To Appear in IEEE Symposium on Security and Privacy 2024 (IEEE S&P 2024), MAY 20-23, 2024, SAN FRANCISCO, CA, US
SSL-WM: A Black-Box Watermarking Approach for Encoders Pre-trained by Self-supervised Learning
Recent years have witnessed significant success in Self-Supervised Learning
(SSL), which facilitates various downstream tasks. However, attackers may steal
such SSL models and commercialize them for profit, making it crucial to protect
their Intellectual Property (IP). Most existing IP protection solutions are
designed for supervised learning models and cannot be used directly since they
require that the models' downstream tasks and target labels be known and
available during watermark embedding, which is not always possible in the
domain of SSL. To address such a problem especially when downstream tasks are
diverse and unknown during watermark embedding, we propose a novel black-box
watermarking solution, named SSL-WM, for protecting the ownership of SSL
models. SSL-WM maps watermarked inputs by the watermarked encoders into an
invariant representation space, which causes any downstream classifiers to
produce expected behavior, thus allowing the detection of embedded watermarks.
We evaluate SSL-WM on numerous tasks, such as Computer Vision (CV) and Natural
Language Processing (NLP), using different SSL models, including
contrastive-based and generative-based. Experimental results demonstrate that
SSL-WM can effectively verify the ownership of stolen SSL models in various
downstream tasks. Furthermore, SSL-WM is robust against model fine-tuning and
pruning attacks. Lastly, SSL-WM can also evade detection from evaluated
watermark detection approaches, demonstrating its promising application in
protecting the IP of SSL models.
An Investigation on the Grasping Position Optimization-Based Control for Industrial Soft Robot Manipulator
Mitigating fatigue damage and improving grasping performance are the two main challenging tasks of applying the soft manipulator into industrial production. In this paper, the grasping position optimization-based control strategy is proposed for the soft manipulator and the corresponding characteristics are studied theoretically and experimentally. Specifically, based on the simulation, the resultant stress of step-function-type channels at the same pressure condition was the smallest compared with those of sine-function- and ramp-function-type channels; hence, a pneumatic network with step-function-type channels was selected for the proposed soft manipulator. Furthermore, in order to improve the grasping performance, the kinematics, mechanical, and grasping modeling for the soft manipulator were established, and a control strategy considering the genetic algorithm is introduced to detect the optimal position of the soft manipulator. The corresponding fabrication process and experiments were conducted to cross verify the results of the modeling and the control strategy. It is demonstrated that the internal pressure of the soft manipulator was reduced by 13.05% at the optimal position, which effectively helped mitigate the fatigue damage of the soft manipulator and prolonged the lifespan.