DeepCore: Simple Fingerprint Construction for Differentiating Homologous and Piracy Models

Haifeng Sun, Lan Zhang, Xiang-Yang Li
2024-11-01
Abstract: As intellectual property, the copyright protection of deep models is becoming increasingly important. Existing work has made many attempts at model watermarking and fingerprinting, but it has ignored homologous models trained with similar structures or training datasets. We highlight challenges in efficiently querying black-box piracy models to protect model copyrights without misidentifying homologous models. To address these challenges, we propose a novel method called DeepCore, which discovers that the classification confidence of the model is positively correlated with the distance of the predicted sample from the model decision boundary and that piracy models behave more similarly at high-confidence classified sample points. DeepCore then constructs core points far away from the decision boundary by optimizing the predicted confidence of a few sample points and leverages behavioral discrepancies between piracy and homologous models to identify piracy models. Finally, we design different model identification methods, including two similarity-based methods and a clustering-based method, to identify piracy models using models' predictions on core points. Extensive experiments show the effectiveness of DeepCore in identifying various piracy models, achieving lower missed and false identification rates and outperforming state-of-the-art methods.
Cryptography and Security, Machine Learning
What problem does this paper attempt to address?
### Problems the paper attempts to solve

This paper addresses an important problem in deep-learning model copyright protection: how to distinguish homologous models from piracy models. Specifically, it focuses on the following challenges:

1. **Avoiding misidentification of homologous models**: Existing model watermarking and fingerprinting methods may wrongly identify legitimately trained homologous models as piracy models. Homologous models are models independently trained with similar structures or training datasets; their performance and behavior resemble the original model's.
2. **Black-box access limitation**: Model owners can usually access a suspected piracy model only in a black-box manner, that is, they obtain only the model's predictions for query samples and cannot inspect its internal parameters or structure.
3. **Efficient fingerprint construction**: To reduce query cost and avoid detection by attackers, model fingerprints must be constructed with as few query samples as possible.

### Solutions

To solve these problems, the paper proposes a new method, DeepCore. Its main contributions are:

1. **Construction of high-confidence samples**: DeepCore constructs high-confidence core points by optimizing the classification confidence of samples from specific categories. These core points lie far from the model's decision boundary, so the predictions of piracy models at these points stay close to the original model's, while homologous models show larger differences.
2. **Exploitation of behavioral differences**: Through experimental analysis, the paper identifies the following behavior on high-confidence samples:
   - The higher a sample's prediction score, the farther it is from the model's decision boundary.
   - The output scores of piracy models at the core points are closer to the original model's, while homologous models differ more.
   - The larger the radius of the core point, the greater the difference in output scores between homologous models and piracy models.
3. **Multiple identification methods**: DeepCore provides three methods to identify piracy models:
   - **L1 distance method**: compute the L1 distance between the victim model's and the suspect model's outputs at the core points.
   - **Cosine similarity method**: compute the cosine similarity between the victim model's and the suspect model's outputs at the core points.
   - **Clustering method**: distinguish different model types (homologous models, post-processing piracy models, model-extraction-attack piracy models) by clustering.

### Experimental results

The experiments show that DeepCore performs well in identifying various piracy models, achieves low Missed Identification Rate (MIR) and False Identification Rate (FIR), and outperforms existing methods across different architectures and datasets.

### Summary

With DeepCore, this paper addresses the key problems in deep-learning model copyright protection, in particular making significant progress in distinguishing homologous models from piracy models.
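A toy illustration of the core-point construction and the L1 / cosine identification steps described above, added here as an example and not the authors' code: the three linear softmax classifiers (victim, a rescaled-and-perturbed "piracy" copy, an independently weighted "homologous" model), the seed samples, the ball radius and the 0.1 L1 threshold are all constructed for this demonstration, and the clustering method is not shown.

```python
import numpy as np

# Toy 3-class linear softmax classifiers on 2-D inputs (constructed weights, not the paper's models).
VICTIM = (np.array([[2.0, 0.0], [-1.0, 1.5], [-1.0, -1.5]]), np.zeros(3))
# "Piracy" model: a post-processed copy of the victim (weights rescaled plus a small perturbation).
PIRACY = (1.15 * VICTIM[0] + np.array([[0.05, -0.02], [0.03, 0.04], [-0.04, 0.01]]),
          np.array([0.02, -0.01, 0.0]))
# "Homologous" model: independently chosen weights that carve out the same three decision regions.
HOMOLOGOUS = (np.array([[1.2, 0.9], [-0.8, 1.3], [-0.4, -2.2]]), np.zeros(3))
# Constructed seed samples, one per class, paired with the victim's label for each.
SEEDS = [(np.array([0.3, 0.1]), 0), (np.array([-0.2, 0.4]), 1), (np.array([-0.2, -0.3]), 2)]

def predict(model, x):
    """Softmax score vector (what a black-box query returns) of a linear model at input x."""
    w, b = model
    z = w @ x + b
    e = np.exp(z - z.max())
    return e / e.sum()

def build_core_point(model, seed, label, radius=1.0, lr=0.5, steps=30):
    """Push the seed away from the decision boundary: gradient ascent on log p(label | x),
    projected back onto an L2 ball of the given radius around the seed (the core-point radius)."""
    w, _ = model
    x = seed.astype(float).copy()
    for _ in range(steps):
        p = predict(model, x)
        x = x + lr * (w[label] - p @ w)  # gradient of log softmax_label(Wx + b) w.r.t. x
        delta = x - seed
        norm = np.linalg.norm(delta)
        if norm > radius:  # projection onto the ball
            x = seed + delta * (radius / norm)
    return x

CORE_POINTS = [build_core_point(VICTIM, s, c) for s, c in SEEDS]

def core_points_valid(radius=1.0):
    """Each core point stays inside its ball and raises the victim's confidence on the seed's label."""
    return all(np.linalg.norm(x - s) <= radius + 1e-9 and predict(VICTIM, x)[c] > predict(VICTIM, s)[c]
               for x, (s, c) in zip(CORE_POINTS, SEEDS))

def l1_score(suspect):
    """Mean L1 distance between victim and suspect score vectors over the core points (lower = more similar)."""
    return float(np.mean([np.abs(predict(VICTIM, x) - predict(suspect, x)).sum() for x in CORE_POINTS]))

def cosine_score(suspect):
    """Mean cosine similarity between victim and suspect score vectors over the core points."""
    pairs = [(predict(VICTIM, x), predict(suspect, x)) for x in CORE_POINTS]
    return float(np.mean([a @ b / (np.linalg.norm(a) * np.linalg.norm(b)) for a, b in pairs]))

def is_piracy(suspect, l1_threshold=0.1):
    """Constructed decision rule: flag a suspect whose core-point L1 distance falls under the threshold."""
    return l1_score(suspect) < l1_threshold
```

In this toy setting the piracy copy lands well under the threshold while the homologous model does not, reproducing the ordering the paper relies on; a real deployment would calibrate the threshold on known homologous and piracy models rather than fixing it by hand.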