Tencent Zhuque Lab Launches an "Invisible" Watermark to Help Combat AI Model Theft

As the artificial intelligence industry develops, AI technology is being applied extensively in people's daily lives, and AI models, as the carriers of these technologies, are widely deployed in the cloud. As a kind of digital asset, AI models face the risk of being stolen, and their security is drawing increasing attention from the industry.

On November 11 and 12 (Beijing time), the well-known global information security conference POC 2021 was held. Tencent Zhuque Lab senior researcher Mengyun Tang and researcher Tony were invited to attend and gave a talk titled "Towards AI Model Security Protection".

In this talk, Tencent Zhuque Lab demonstrated examples of attacks on and defenses of AI models, and proposed a new method for generating model watermarks. The technique can defend against multiple model-stealing approaches while having almost no effect on the original model's output, providing effective protection for AI model copyright.

Evidence is the hard part in defending AI model rights

AI models are the core carriers of a technology; once stolen, the enterprise or organization that owns the technology may be exposed to risk. For example, after a company's AI model is maliciously stolen by an attacker, the attacker can replicate the company's business to grab market share and gain indirect economic benefit, or sell the model to a third party, or even extort the company, to gain direct economic benefit.

Among model-stealing methods, the surrogate model attack is a typical one. It distills the knowledge of the original model by training a surrogate model with similar functionality: the original model's inputs serve as the surrogate's inputs, the original model's outputs serve as its training labels, and the surrogate's parameters are optimized to fit the original model's outputs ever more closely, ultimately stealing the original model's knowledge.

[Figure: Model theft process]

When facing a model-stealing attack, the original model's author is often in a passive position. Because the attacker never directly touches the original model, the author cannot provide direct evidence that the stolen model contains their intellectual property, and so falls into difficulty defending their rights. If model-stealing attacks proliferate, they will bring more challenges to the development of artificial intelligence.

"Invisible" watermarks: a new method for AI model copyright protection

To address the above problem, Tencent Zhuque Lab, combining the latest deep learning techniques, has introduced a method for protecting AI models: performing "forensics" on a model suspected of being stolen, to prove that it is a "pirated" model.

In the preventive protection stage, this method generates a watermark invisible to the naked eye and adds it to the original model's output, "branding" the output with copyright information while having almost no effect on the original model's output. When the AI model is attacked, the watermark it carries is also learned by the surrogate model, so that the surrogate model's output contains the watermark as well.

Subsequently, a trained extractor can accurately detect the presence of the watermark in the surrogate model's output and restore the pre-embedded model copyright information with high quality, thereby providing the original model author with strong technical evidence against infringement.

[Figure: The model watermark generation method proposed by Zhuque Lab and its protection workflow]

This technique gives an AI model a "birthmark". Its significance is that it not only effectively helps AI model authors defend their intellectual property, but also combats "pirated" AI models, curbs model theft to a certain extent, and promotes the sustained, healthy development of the AI industry's ecosystem.

Tencent Zhuque Lab, part of Tencent's Security Platform Department, is dedicated to practical APT attack research and AI security research. The AI security threat risk matrix it has built provides research and contingency plans specifically for potential risks in the artificial intelligence industry, safeguarding AI business.