DNNKeyLock: Securing Deep Neural Network Intellectual Property with Steganography and Token Authentication
摘要
Deep neural networks (DNNs) consume tremendous amount of data and computational resources, making them valuable assets for model developers. However, threats such as model theft, unauthorized access, and misuse—including illegal copying—are becoming increasingly common, posing serious risks to the security and rightful ownership of these models. Traditional protection methods, such as watermarking, are reactive and prone to failure under model tampering or extraction. To overcome these limitations, we propose DNNKeyLock, a proactive framework that integrates facial steganography, reversible networks, and dynamic data poisoning for identity-based access control. The user’s identity is first embedded into a facial image using a GAN-based steganographic encoder. This image is then further embedded into the query input through a reversible network (HiNet). During training, we adopt a data poisoning strategy where unauthorized samples are deliberately mislabeled, guiding the model to learn incorrect input-output associations. As a result, the model automatically produces wrong predictions for unauthorized inputs without requiring additional checks at runtime. Extensive experiments demonstrate that the proposed DNNKeyLock preserves accuracy for authorized users while suppressing unauthorized access. In addition, DNNKeyLock shows strong resistance to compression and adversarial threats. Moreover, DNNKeyLock offers scalable and tamper-resistant protection for black-box MLaaS deployments.