International Journal of Computer Vision (IF 11.6), Pub Date: 2024-10-25, DOI: 10.1007/s11263-024-02254-w

Jiyang Guan, Jian Liang, Yanbo Wang, Ran He
Face recognition has witnessed remarkable advancements in recent years, thanks to the development of deep learning techniques. However, an off-the-shelf face recognition model as a commercial service could be stolen by model stealing attacks, posing great threats to the rights of the model owner. Model fingerprinting, as a model stealing detection method, aims to verify whether a suspect model is stolen from the victim model, gaining more and more attention nowadays. Previous methods always utilize transferable adversarial examples as the model fingerprint, but this method is known to be sensitive to adversarial defense and transfer learning techniques. To address this issue, we consider the pairwise relationship between samples instead and propose a novel yet simple model stealing detection method based on SAmple Correlation (SAC). Specifically, we present SAC-JC that selects JPEG compressed samples as model inputs and calculates the correlation matrix among their model outputs. Extensive results validate that SAC successfully defends against various model stealing attacks in deep face recognition, encompassing face verification and face emotion recognition, exhibiting the highest performance in terms of AUC, p-value and F1 score. Furthermore, we extend our evaluation of SAC-JC to object recognition datasets including Tiny-ImageNet and CIFAR10, which also demonstrates the superior performance of SAC-JC to previous methods. The code will be available at https://github.com/guanjiyang/SAC_JC.
Sample Correlation for Fingerprinting Deep Face Recognition
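The sample-correlation check described in the abstract, as an added sketch that is not the authors' code from the repository linked above: both models are run on the same probe set, each model's outputs are turned into a sample-by-sample correlation matrix, and the two matrices are compared. Assumptions made here: Pearson correlation, mean absolute difference as the distance, a 0.05 threshold, toy linear models, and random vectors standing in for the JPEG-compressed probe images.

```python
import math
import random

def correlation_matrix(outputs):
    """n x n Pearson correlation between the output vectors of n probe samples."""
    centered = []
    for vec in outputs:
        mean = sum(vec) / len(vec)
        diff = [v - mean for v in vec]
        norm = math.sqrt(sum(d * d for d in diff)) or 1.0  # guard constant outputs
        centered.append([d / norm for d in diff])
    return [[sum(a * b for a, b in zip(u, v)) for v in centered] for u in centered]

def sac_distance(outputs_a, outputs_b):
    """Mean absolute difference of the two correlation matrices (assumed metric)."""
    ca, cb = correlation_matrix(outputs_a), correlation_matrix(outputs_b)
    n = len(ca)
    return sum(abs(ca[i][j] - cb[i][j]) for i in range(n) for j in range(n)) / (n * n)

def is_suspect_stolen(victim_out, suspect_out, threshold=0.05):
    """Flag the suspect when its sample correlations track the victim's.
    The threshold is an assumed value for this toy setup."""
    return sac_distance(victim_out, suspect_out) < threshold

# --- constructed toy setup: linear "models" and random probe vectors ---
def make_model(rng, n_out=10, n_in=16):
    return [[rng.gauss(0, 1) for _ in range(n_in)] for _ in range(n_out)]

def perturb(model, rng, scale=0.02):
    """Stand-in for a lightly modified copy of the victim model."""
    return [[w + rng.gauss(0, scale) for w in row] for row in model]

def run(model, probes):
    return [[sum(w * x for w, x in zip(row, p)) for row in model] for p in probes]

def demo(seed=0):
    """Return (distance to modified copy, distance to independent model)."""
    rng = random.Random(seed)
    probes = [[rng.gauss(0, 1) for _ in range(16)] for _ in range(20)]
    victim = make_model(rng)
    copied = perturb(victim, rng)
    independent = make_model(rng)
    v = run(victim, probes)
    return (sac_distance(v, run(copied, probes)),
            sac_distance(v, run(independent, probes)))

if __name__ == "__main__":
    d_copy, d_indep = demo()
    print(f"copy: {d_copy:.4f}  independent: {d_indep:.4f}")
```

Because each matrix is n x n over the probe samples, the comparison does not require the two models to share an output dimension.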