In this paper, we propose an encryption method for ConvMixer models with a secret key. Encryption methods for DNN models have been studied to achieve adversarial defense, model protection and privacy-preserving image classification. However, the use of conventional encryption methods degrades the performance of models compared with that of plain models. Accordingly, we propose a novel method for encrypting ConvMixer models. The method is carried out on the basis of an embedding architecture that ConvMixer has, and models encrypted with the method can have the same performance as models trained with plain images only when using test images encrypted with a secret key. In addition, the proposed method does not require any specially prepared data for model training or network modification. In an experiment, the effectiveness of the proposed method is evaluated in terms of classification accuracy and model protection in an image classification task on the CIFAR10 dataset.
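As an added illustration that is not code from the paper, the numpy snippet below shows how a secret key can be tied to ConvMixer's patch-embedding layer. The abstract does not spell out the encryption scheme, so the snippet assumes block-wise shuffling of pixel positions inside each patch; since the embedding is a stride-p convolution over exactly those patches, the kernel can absorb the same permutation, and embeddings then equal the plain model's only for test images encrypted with the correct key.

```python
import numpy as np

PATCH, CH, DIM = 4, 3, 8  # assumed toy sizes: patch side, channels, embedding width


def key_permutation(key: int) -> np.ndarray:
    """Derive a permutation of the PATCH*PATCH*CH pixel positions inside one patch from a key."""
    return np.random.default_rng(key).permutation(PATCH * PATCH * CH)


def patches(img: np.ndarray) -> np.ndarray:
    """(H, W, C) image -> (num_patches, PATCH*PATCH*C): the unfolding a stride-PATCH embedding sees."""
    h, w, c = img.shape
    p = img.reshape(h // PATCH, PATCH, w // PATCH, PATCH, c)
    return p.transpose(0, 2, 1, 3, 4).reshape(-1, PATCH * PATCH * c)


def encrypt_image(img: np.ndarray, perm: np.ndarray) -> np.ndarray:
    """Block-wise encryption: shuffle pixel positions within every patch using the key's permutation."""
    h, w, c = img.shape
    p = patches(img)[:, perm]
    return p.reshape(h // PATCH, w // PATCH, PATCH, PATCH, c).transpose(0, 2, 1, 3, 4).reshape(h, w, c)


def encrypt_embedding(weight: np.ndarray) -> np.ndarray:
    """Permute the kernel's input columns so that W_enc @ x[perm] == W @ x for every patch x."""
    return weight[:, perm] if (perm := encrypt_embedding.perm) is not None else weight


def embed(img: np.ndarray, weight: np.ndarray) -> np.ndarray:
    """Patch embedding as a linear map over unfolded patches (bias omitted)."""
    return patches(img) @ weight.T


def demo(train_key: int = 2024, wrong_key: int = 7, seed: int = 0) -> dict:
    """Compare embeddings of a constructed image under the plain and the encrypted model."""
    rng = np.random.default_rng(seed)
    img = rng.random((8, 8, CH))                              # constructed sample image
    w_plain = rng.standard_normal((DIM, PATCH * PATCH * CH))  # plain model's embedding kernel
    perm = key_permutation(train_key)
    encrypt_embedding.perm = perm                             # key bound to the model
    w_enc = encrypt_embedding(w_plain)
    reference = embed(img, w_plain)
    return {
        "correct_key_matches": bool(np.allclose(reference, embed(encrypt_image(img, perm), w_enc))),
        "wrong_key_matches": bool(np.allclose(reference, embed(encrypt_image(img, key_permutation(wrong_key)), w_enc))),
        "plain_input_matches": bool(np.allclose(reference, embed(img, w_enc))),
    }
```

Only the correct-key case reproduces the plain model's embeddings, which is the property the abstract describes: unchanged accuracy on correctly encrypted test images, and no usable output for plain or wrongly keyed images.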