kth.sePublications KTH
EnglishSvenskaNorsk
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Hybrid Fingerprinting for Effective Detection of Cloned Neural Networks
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.ORCID iD: 0000-0002-1707-5178
KTH, School of Electrical Engineering and Computer Science (EECS), Electrical Engineering, Electronics and Embedded systems.ORCID iD: 0000-0001-7382-9408
Ericsson AB, Lund, Sweden.
Ericsson AB, Lund, Sweden.
Show others and affiliations
2025 (English)In: Proceedings - 2025 IEEE 55th International Symposium on Multiple-Valued Logic, ISMVL 2025, Institute of Electrical and Electronics Engineers (IEEE) , 2025, p. 129-134Conference paper, Published paper (Refereed)
Abstract [en]

As artificial intelligence plays an increasingly important role in decision-making within critical infrastructure, ensuring the authenticity and integrity of neural networks is crucial. This paper addresses the problem of detecting cloned neural networks. We present a method for identifying clones that employs a combination of metrics from both the information and physical domains: output predictions, probability score vectors, and power traces measured from the device running the neural network during inference. We compare the effectiveness of each metric individually, as well as in combination. Our results show that the effectiveness of both the information and the physical domain metrics is excellent for a clone that is a near replica of the target neural network. Furthermore, both the physical domain metric individually and the hybrid approach outperform the information domain metrics at detecting clones whose weights were extracted with low accuracy. The presented method offers a practical solution for verifying neural network authenticity and integrity. It is particularly useful in scenarios where neural networks are at risk of model extraction attacks, such as in cloud-based machine learning services.
Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE) , 2025. p. 129-134
Keywords [en]
fingerprinting, intellectual property, model extraction, neural networks, power side channels
National Category
Communication Systems Computer Sciences
Identifiers
URN: urn:nbn:se:kth:diva-368825DOI: 10.1109/ISMVL64713.2025.00033ISI: 001540510800025Scopus ID: 2-s2.0-105009321533OAI: oai:DiVA.org:kth-368825DiVA, id: diva2:1994336
Conference
55th IEEE International Symposium on Multiple-Valued Logic, ISMVL 2025, Montreal, Canada, Jun 5 2025 - Jun 6 2025
Note

Part of ISBN 9798331507442

QC 20250902

Available from: 2025-09-02 Created: 2025-09-02 Last updated: 2025-12-08Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records

Aknesil, CanDubrova, Elena

Search in DiVA

By author/editor
Aknesil, CanDubrova, Elena
By organisation
Network and Systems EngineeringElectronics and Embedded systems
Communication SystemsComputer Sciences

Search outside of DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 66 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
v. 2.47.0
|
WCAG
|
KTH Library
|
DiVA support
|
Register in DiVA
|
Posting your thesis
|
SwePub
|
About Open Access