File name: Protecting the Intellectual Property of Deep Neural Networks with Watermarking: The Frequency Domain Approach
Description -- all downloadable content comes from the internet; please research and use it at your own discretion
Similar to other digital assets, deep neural network (DNN) models could suffer from piracy threats initiated by insider and/or outsider adversaries due to their inherent commercial value. DNN watermarking is a promising technique to mitigate this threat to intellectual property. This work focuses on black-box DNN watermarking, with which an owner can only verify his ownership by issuing special trigger queries to a remote suspicious model. However, informed attackers, who are aware of the watermark and somehow obtain the triggers, could forge fake triggers to claim ownership, because of the poor robustness of triggers and the lack of correlation between the model and the owner identity. This consideration calls for new watermarking methods that can achieve a better trade-off in addressing the discrepancy. In this paper, we exploit frequency domain image watermarking to generate triggers and build our DNN watermarking algorithm accordingly. Since watermarking in the frequency domain offers high concealment and is robust to signal processing operations, the proposed algorithm is superior to existing schemes in resisting fraudulent claim attacks. Besides, extensive experimental results on 3 datasets and 8 neural networks demonstrate that the proposed DNN watermarking algorithm achieves similar performance on functionality metrics and better performance on security metrics when compared with existing algorithms.
(Automatically generated by the system; the download contents can be previewed before downloading)
Download file list
Archive: 09343235.zip Contents: 09343235.pdf