International Conference on Pattern Recognition and Artificial Intelligence
Authors: Christoph Theiß and Clemens-Alexander Brust and Joachim Denzler
Abstract: In this paper, we present a method for estimating the similarity of two black-box models that does not depend on the knowledge about specific training data. This method can be used to identify copies of or stolen machine learning models. It can also be applied to detect instances of license violations regarding the use of datasets. We validate our proposed method experimentally on the CIFAR-10 and MNIST datasets using convolutional neural networks, generative adversarial networks and support vector machines. We show that it can clearly distinguish between models trained on different datasets. Theoretical foundations of our work are also offered.