US 12,455,976 B2
Method for protecting a machine learning model from being copied
Wilhelmus Petrus Adrianus Johannus Michiels, Reusel (NL); and Jan Hoogerbrugge, Helmond (NL)
Assigned to NXP B.V., Eindhoven (NL)
Filed by NXP B.V., Eindhoven (NL)
Filed on Nov. 1, 2022, as Appl. No. 18/051,531.
Prior Publication US 2024/0143826 A1, May 2, 2024
Int. Cl. G06F 21/12 (2013.01); G06F 16/11 (2019.01); G06F 21/62 (2013.01); G06N 5/04 (2023.01); G06N 20/00 (2019.01)
CPC G06F 21/6227 (2013.01) [G06N 5/04 (2013.01)]
20 Claims
 
1. A method for protecting a machine learning (ML) model from being copied, the method comprising:
providing an input sample to the ML model for an inference operation;
selecting features from an internal layer of the ML model, the features relating to the input sample;
selecting positive gradients of output logits to the features of the ML model;
computing a summation of a product of positive gradients and the features to determine a feature contribution value;
determining that the input sample is a NPD sample if the feature contribution value is less than or equal to a predetermined threshold feature contribution value; and
determining that an attempt to copy the ML model is underway if a predetermined percentage of a plurality of input samples input to the ML model has feature contribution values that are less than or equal to the predetermined threshold feature contribution value.
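The check recited in claim 1, as an added sketch that is not code from the patent or from the assignee. It assumes a final linear layer (so the gradient of each logit with respect to a feature is the corresponding weight), a summation over all logits, and a sliding window of recent queries; the names `feature_contribution`, `is_npd` and `CopyMonitor`, the weights, the threshold and the ratio are all constructed for illustration.

```python
from collections import deque

# Constructed weights of a final linear layer: logits[k] = sum_j W[k][j] * f[j],
# so the gradient of logit k with respect to feature j is simply W[k][j].
W = [[0.9, -0.4, 0.2],
     [-0.3, 0.8, -0.1]]

def feature_contribution(features, grads=W):
    """Sum of (positive gradient * feature) over all logits and features.
    Summing over every logit is an assumption; the claim does not say which."""
    return sum(max(g, 0.0) * f for row in grads for g, f in zip(row, features))

def is_npd(features, threshold):
    """A sample counts as NPD when its contribution is <= the threshold."""
    return feature_contribution(features) <= threshold

class CopyMonitor:
    """Flags a copy attempt when the share of NPD samples among the last
    `window` queries reaches `npd_ratio` (sliding window is an assumption)."""
    def __init__(self, threshold, npd_ratio, window):
        self.threshold, self.npd_ratio = threshold, npd_ratio
        self.flags = deque(maxlen=window)

    def observe(self, features):
        self.flags.append(is_npd(features, self.threshold))
        full = len(self.flags) == self.flags.maxlen
        return full and sum(self.flags) / len(self.flags) >= self.npd_ratio

# Constructed internal-layer activations (post-ReLU, so non-negative).
IN_DOMAIN = [2.0, 0.1, 1.5]   # contribution 2.18
NPD_LIKE = [0.1, 0.05, 0.0]   # contribution 0.13

if __name__ == "__main__":
    mon = CopyMonitor(threshold=0.5, npd_ratio=0.75, window=4)
    for name, f in [("in", IN_DOMAIN), ("npd", NPD_LIKE), ("npd", NPD_LIKE), ("npd", NPD_LIKE)]:
        print(name, round(feature_contribution(f), 2), mon.observe(f))
```

With a non-linear head, the gradients would come from the framework's autograd for each input sample instead of a fixed weight matrix.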