skip to main content
10.1145/3652583.3658057acmconferencesArticle/Chapter ViewAbstractPublication PagesicmrConference Proceedingsconference-collections
research-article

Fingerprinting in EEG Model IP Protection Using Diffusion Model

Published: 07 June 2024 Publication History

Editorial Notes

The authors have requested minor, non-substantive changes to the Version of Record and, in accordance with ACM policies, a Corrected Version of Record was published on July 17, 2024. For reference purposes, the VoR may still be accessed via the Supplemental Material section on this page.

Abstract

In the rapidly advancing field of deep learning, a significant yet often overlooked challenge is the protection of intellectual property (IP) for models based on electroencephalography (EEG). These models, which handle sensitive and private physiological information, have not received as much attention for IP protection as their counterparts in more mainstream areas like computer vision (CV) and natural language processing (NLP). This paper introduces an innovative fingerprinting method for the first time, targeting IP protection of EEG-based models, a domain where conventional watermarking techniques fall short. We design a novel conditional diffusion model, tailored to a universal EEG format, which is the first application of diffusion models in model IP protection. Furthermore, our retrieval strategy, characterized by three distinct conditions, facilitates the construction of the fingerprint validation set from synthesized EEG samples. Experiments demonstrate that our method not only outperforms existing state-of-the-art (SOTA) protection techniques in robustness against various IP attacks but also excels in generating high-quality and high-diversity EEG samples.

Supplemental Material

PDF File - Version of Record
VoR for "Fingerprinting in EEG Model IP Protection Using Diffusion Model" by Wang et al., Proceedings of the 2024 International Conference on Multimedia Retrieval (ICMR '24).

References

[1]
Jasmin Bharadiya. 2023. A Comprehensive Survey of Deep Learning Techniques Natural Language Processing. European Journal of Technology, Vol. 7, 1 (2023), 58--66.
[2]
Amir Jalaly Bidgoly, Hamed Jalaly Bidgoly, and Zeynab Arezoumand. 2022. Towards a universal and privacy preserving EEG-based authentication system. Scientific Reports, Vol. 12, 1 (2022), 2531.
[3]
Franziska Boenisch. 2021. A systematic review on model watermarking for neural networks. Frontiers in big Data, Vol. 4 (2021), 729663.
[4]
Xiaoyu Cao, Jinyuan Jia, and Neil Zhenqiang Gong. 2021. IPGuard: Protecting intellectual property of deep neural networks via fingerprinting the classification boundary. In Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security. 14--25.
[5]
Yasra Chandio, Noman Bashir, and Fatima M Anwar. 2022. HoloSet-A Dataset for Visual-Inertial Pose Estimation in Extended Reality: Dataset. In Proceedings of the 20th ACM Conference on Embedded Networked Sensor Systems. 1014--1019.
[6]
Yiming Chen, Jinyu Tian, Xiangyu Chen, and Jiantao Zhou. 2023. Effective ambiguity attack against passport-based dnn intellectual property protection schemes through fully connected layer substitution. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition. 8123--8132.
[7]
Hyungjin Chung and Jong Chul Ye. 2022. Score-based diffusion models for accelerated MRI. Medical image analysis, Vol. 80 (2022), 102479.
[8]
Florinel-Alin Croitoru, Vlad Hondru, Radu Tudor Ionescu, and Mubarak Shah. 2023. Diffusion models in vision: A survey. IEEE Transactions on Pattern Analysis and Machine Intelligence (2023).
[9]
Heng Cui, Aiping Liu, Xu Zhang, Xiang Chen, Kongqiao Wang, and Xun Chen. 2020. EEG-based emotion recognition using an end-to-end regional-asymmetric convolutional neural network. Knowledge-Based Systems, Vol. 205 (2020), 106243.
[10]
Prafulla Dhariwal and Alexander Nichol. 2021. Diffusion models beat gans on image synthesis. Advances in neural information processing systems, Vol. 34 (2021), 8780--8794.
[11]
Yi Ding, Neethu Robinson, Su Zhang, Qiuhao Zeng, and Cuntai Guan. 2022. Tsception: Capturing temporal dynamics and spatial asymmetry from EEG for emotion recognition. IEEE Transactions on Affective Computing (2022).
[12]
Yiqun Duan, Jinzhao Zhou, Zhen Wang, Yu-Cheng Chang, Yu-Kai Wang, and Chin-Teng Lin. 2023. Domain-specific denoising diffusion probabilistic models for brain dynamics. arXiv preprint arXiv:2305.04200 (2023).
[13]
Lixin Fan, Kam Woh Ng, and Chee Seng Chan. 2019. Rethinking deep neural network ownership verification: Embedding passports to defeat ambiguity attacks. Advances in neural information processing systems, Vol. 32 (2019).
[14]
Shreya Goyal, Sumanth Doddapaneni, Mitesh M Khapra, and Balaraman Ravindran. 2023. A survey of adversarial defenses and robustness in nlp. Comput. Surveys, Vol. 55, 14s (2023), 1--39.
[15]
Jiyang Guan, Jian Liang, and Ran He. 2022. Are you stealing my model? sample correlation for fingerprinting deep neural networks. Advances in Neural Information Processing Systems, Vol. 35 (2022), 36571--36584.
[16]
Eddie Harmon-Jones, Philip A Gable, and Carly K Peterson. 2010. The role of asymmetric frontal cortical activity in emotion-related phenomena: A review and update. Biological psychology, Vol. 84, 3 (2010), 451--462.
[17]
Xuanli He, Qiongkai Xu, Lingjuan Lyu, Fangzhao Wu, and Chenguang Wang. 2022. Protecting intellectual property of language generation apis with lexical watermark. In Proceedings of the AAAI Conference on Artificial Intelligence, Vol. 36. 10758--10766.
[18]
Ying He, Gongqing Wu, Desheng Cai, and Xuegang Hu. 2023. Cross-View Sample-Enriched Graph Contrastive Learning Network for Personalized Micro-video Recommendation. In Proceedings of the 2023 ACM International Conference on Multimedia Retrieval. 48--56.
[19]
Jonathan Ho, Ajay Jain, and Pieter Abbeel. 2020. Denoising diffusion probabilistic models. Advances in neural information processing systems, Vol. 33 (2020), 6840--6851.
[20]
Sander Koelstra, Christian Muhl, Mohammad Soleymani, Jong-Seok Lee, Ashkan Yazdani, Touradj Ebrahimi, Thierry Pun, Anton Nijholt, and Ioannis Patras. 2011. Deap: A database for emotion analysis; using physiological signals. IEEE transactions on affective computing, Vol. 3, 1 (2011), 18--31.
[21]
Zhifeng Kong, Wei Ping, Jiaji Huang, Kexin Zhao, and Bryan Catanzaro. 2020. Diffwave: A versatile diffusion model for audio synthesis. arXiv preprint arXiv:2009.09761 (2020).
[22]
Vernon J Lawhern, Amelia J Solon, Nicholas R Waytowich, Stephen M Gordon, Chou P Hung, and Brent J Lance. 2018. EEGNet: a compact convolutional neural network for EEG-based brain-computer interfaces. Journal of neural engineering, Vol. 15, 5 (2018), 056013.
[23]
Haoying Li, Yifan Yang, Meng Chang, Shiqi Chen, Huajun Feng, Zhihai Xu, Qi Li, and Yueting Chen. 2022b. Srdiff: Single image super-resolution with diffusion probabilistic models. Neurocomputing, Vol. 479 (2022), 47--59.
[24]
Xiang Li, John Thickstun, Ishaan Gulrajani, Percy S Liang, and Tatsunori B Hashimoto. 2022a. Diffusion-lm improves controllable text generation. Advances in Neural Information Processing Systems, Vol. 35 (2022), 4328--4343.
[25]
Kang Liu, Brendan Dolan-Gavitt, and Siddharth Garg. 2018. Fine-pruning: Defending against backdooring attacks on deep neural networks. In International symposium on research in attacks, intrusions, and defenses. Springer, 273--294.
[26]
Nils Lukas, Yuxuan Zhang, and Florian Kerschbaum. 2019. Deep neural network fingerprinting by conferrable adversarial examples. arXiv preprint arXiv:1912.00888 (2019).
[27]
Alexander Quinn Nichol and Prafulla Dhariwal. 2021. Improved denoising diffusion probabilistic models. In International Conference on Machine Learning. PMLR, 8162--8171.
[28]
Daryna Oliynyk, Rudolf Mayer, and Andreas Rauber. 2023. I know what you trained last summer: A survey on stealing machine learning models and defences. Comput. Surveys (2023).
[29]
Sen Peng, Yufei Chen, Jie Xu, Zizhuo Chen, Cong Wang, and Xiaohua Jia. 2023. Intellectual property protection of DNN models. World Wide Web, Vol. 26, 4 (2023), 1877--1911.
[30]
Zirui Peng, Shaofeng Li, Guoxing Chen, Cheng Zhang, Haojin Zhu, and Minhui Xue. 2022. Fingerprinting deep neural networks globally via universal adversarial perturbations. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition. 13430--13439.
[31]
Francesco Regazzoni, Paolo Palmieri, Fethulah Smailbegovic, Rosario Cammarota, and Ilia Polian. 2021. Protecting artificial intelligence IPs: a survey of watermarking and fingerprinting for machine learning. CAAI Transactions on Intelligence Technology, Vol. 6, 2 (2021), 180--191.
[32]
Samantha J Reznik and John JB Allen. 2018. Frontal asymmetry as a mediator and moderator of emotion: An updated review. Psychophysiology, Vol. 55, 1 (2018), e12965.
[33]
Mauro Ribeiro, Katarina Grolinger, and Miriam AM Capretz. 2015. Mlaas: Machine learning as a service. In 2015 IEEE 14th international conference on machine learning and applications (ICMLA). IEEE, 896--902.
[34]
Jascha Sohl-Dickstein, Eric Weiss, Niru Maheswaranathan, and Surya Ganguli. 2015. Deep unsupervised learning using nonequilibrium thermodynamics. In International conference on machine learning. PMLR, 2256--2265.
[35]
Mohammad Soleymani, Jeroen Lichtenauer, Thierry Pun, and Maja Pantic. 2011. A multimodal database for affect recognition and implicit tagging. IEEE transactions on affective computing, Vol. 3, 1 (2011), 42--55.
[36]
Jiaming Song, Chenlin Meng, and Stefano Ermon. 2020. Denoising diffusion implicit models. arXiv preprint arXiv:2010.02502 (2020).
[37]
Yonghao Song, Qingqing Zheng, Bingchuan Liu, and Xiaorong Gao. 2022. EEG conformer: Convolutional transformer for EEG decoding and visualization. IEEE Transactions on Neural Systems and Rehabilitation Engineering, Vol. 31 (2022), 710--719.
[38]
Tiening Sun, Zhong Qian, Peifeng Li, and Qiaoming Zhu. 2023 b. Graph Interactive Network with Adaptive Gradient for Multi-Modal Rumor Detection. In Proceedings of the 2023 ACM International Conference on Multimedia Retrieval. 316--324.
[39]
Yuchen Sun, Tianpeng Liu, Panhe Hu, Qing Liao, Shouling Ji, Nenghai Yu, Deke Guo, and Li Liu. 2023 a. Deep Intellectual Property: A Survey. arXiv preprint arXiv:2304.14613 (2023).
[40]
Peiwang Tang, Qinghua Zhang, and Xianchao Zhang. 2023. A Recurrent Neural Network based Generative Adversarial Network for Long Multivariate Time Series Forecasting. In Proceedings of the 2023 ACM International Conference on Multimedia Retrieval. 181--189.
[41]
Giulio Tosato, Cesare M Dalbagno, and Francesco Fumagalli. 2023. EEG Synthetic Data Generation Using Probabilistic Diffusion Models. arXiv preprint arXiv:2303.06068 (2023).
[42]
Yusuke Uchida, Yuki Nagai, Shigeyuki Sakazawa, and Shin'ichi Satoh. 2017. Embedding watermarks into deep neural networks. In Proceedings of the 2017 ACM on international conference on multimedia retrieval. 269--277.
[43]
Tianhao Wang and Florian Kerschbaum. 2021. RIGA: Covert and robust white-box watermarking of deep neural networks. In Proceedings of the Web Conference 2021. 993--1004.
[44]
Zekai Wang, Tianyu Pang, Chao Du, Min Lin, Weiwei Liu, and Shuicheng Yan. 2023. Better diffusion models further improve adversarial training. arXiv preprint arXiv:2302.04638 (2023).
[45]
Dongrui Wu, Yifan Xu, and Bao-Liang Lu. 2020. Transfer learning for EEG-based brain-computer interfaces: A review of progress made since 2016. IEEE Transactions on Cognitive and Developmental Systems, Vol. 14, 1 (2020), 4--19.
[46]
Tianhua Xu, Sheng-hua Zhong, and Zhijiao Xiao. 2023. Protecting Intellectual Property of EEG-based Model with Watermarking. In 2023 IEEE International Conference on Multimedia and Expo (ICME). IEEE, 37--42.
[47]
Ling Yang, Zhilong Zhang, Yang Song, Shenda Hong, Runsheng Xu, Yue Zhao, Wentao Zhang, Bin Cui, and Ming-Hsuan Yang. 2022. Diffusion models: A comprehensive survey of methods and applications. Comput. Surveys (2022).
[48]
Yilong Yang, Qingfeng Wu, Yazhen Fu, and Xiaowei Chen. 2018. Continuous convolutional neural network with 3D input for EEG-based emotion recognition. In Neural Information Processing: 25th International Conference, ICONIP 2018, Siem Reap, Cambodia, December 13--16, 2018, Proceedings, Part VII 25. Springer, 433--443.
[49]
Hong Zeng, Nianzhang Xia, Dongguan Qian, Motonobu Hattori, Chu Wang, and Wanzeng Kong. 2023. DM-RE2I: A framework based on diffusion model for the reconstruction from EEG to image. Biomedical Signal Processing and Control, Vol. 86 (2023), 105125.
[50]
Yabo Zhang, Yuxiang Wei, Dongsheng Jiang, Xiaopeng Zhang, Wangmeng Zuo, and Qi Tian. 2023. ControlVideo: Training-free Controllable Text-to-Video Generation. arXiv preprint arXiv:2305.13077 (2023).
[51]
Hao Zou, Zae Myung Kim, and Dongyeop Kang. 2023. Diffusion models in nlp: A survey. arXiv preprint arXiv:2305.14671 (2023).

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
ICMR '24: Proceedings of the 2024 International Conference on Multimedia Retrieval
May 2024
1379 pages
ISBN:9798400706196
DOI:10.1145/3652583
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 June 2024

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. diffusion models
  2. eeg-based model protection
  3. fingerprint

Qualifiers

  • Research-article

Funding Sources

  • Natural Science Foundation of Guangdong Province
  • Open Fund of National Engineering Laboratory for Big Data System Computing Technology
  • Open Research Fund from Guangdong Laboratory of Artificial Intelligence and Digital Economy(SZ)
  • Stable Support Project of Shenzhen

Conference

ICMR '24
Sponsor:

Acceptance Rates

Overall Acceptance Rate 254 of 830 submissions, 31%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • 0
    Total Citations
  • 154
    Total Downloads
  • Downloads (Last 12 months)154
  • Downloads (Last 6 weeks)35
Reflects downloads up to 17 Feb 2025

Other Metrics

Citations

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media