Exploring Structure Consistency for Deep Model Watermarking
- URL: http://arxiv.org/abs/2108.02360v1
- Date: Thu, 5 Aug 2021 04:27:15 GMT
- Title: Exploring Structure Consistency for Deep Model Watermarking
- Authors: Jie Zhang, Dongdong Chen, Jing Liao, Han Fang, Zehua Ma, Weiming
Zhang, Gang Hua, Nenghai Yu
- Abstract summary: The intellectual property (IP) of Deep neural networks (DNNs) can be easily stolen'' by surrogate model attack.
We propose a new watermarking methodology, namely structure consistency'', based on which a new deep structure-aligned model watermarking algorithm is designed.
- Score: 122.38456787761497
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: The intellectual property (IP) of Deep neural networks (DNNs) can be easily
``stolen'' by surrogate model attack. There has been significant progress in
solutions to protect the IP of DNN models in classification tasks. However,
little attention has been devoted to the protection of DNNs in image processing
tasks. By utilizing consistent invisible spatial watermarks, one recent work
first considered model watermarking for deep image processing networks and
demonstrated its efficacy in many downstream tasks. Nevertheless, it highly
depends on the hypothesis that the embedded watermarks in the network outputs
are consistent. When the attacker uses some common data augmentation attacks
(e.g., rotate, crop, and resize) during surrogate model training, it will
totally fail because the underlying watermark consistency is destroyed. To
mitigate this issue, we propose a new watermarking methodology, namely
``structure consistency'', based on which a new deep structure-aligned model
watermarking algorithm is designed. Specifically, the embedded watermarks are
designed to be aligned with physically consistent image structures, such as
edges or semantic regions. Experiments demonstrate that our method is much more
robust than the baseline method in resisting data augmentation attacks for
model IP protection. Besides that, we further test the generalization ability
and robustness of our method to a broader range of circumvention attacks.
Related papers
- Robustness of Watermarking on Text-to-Image Diffusion Models [9.277492743469235]
We investigate the robustness of generative watermarking, which is created from the integration of watermarking embedding and text-to-image generation processing.
We found that generative watermarking methods are robust to direct evasion attacks, like discriminator-based attacks, or manipulation based on the edge information in edge prediction-based attacks but vulnerable to malicious fine-tuning.
arXiv Detail & Related papers (2024-08-04T13:59:09Z) - Safe and Robust Watermark Injection with a Single OoD Image [90.71804273115585]
Training a high-performance deep neural network requires large amounts of data and computational resources.
We propose a safe and robust backdoor-based watermark injection technique.
We induce random perturbation of model parameters during watermark injection to defend against common watermark removal attacks.
arXiv Detail & Related papers (2023-09-04T19:58:35Z) - Rethinking White-Box Watermarks on Deep Learning Models under Neural
Structural Obfuscation [24.07604618918671]
Copyright protection for deep neural networks (DNNs) is an urgent need for AI corporations.
White-box watermarking is believed to be accurate, credible and secure against most known watermark removal attacks.
We present the first systematic study on how the mainstream white-box watermarks are commonly vulnerable to neural structural obfuscation with textitdummy neurons.
arXiv Detail & Related papers (2023-03-17T02:21:41Z) - On Function-Coupled Watermarks for Deep Neural Networks [15.478746926391146]
We propose a novel DNN watermarking solution that can effectively defend against watermark removal attacks.
Our key insight is to enhance the coupling of the watermark and model functionalities.
Results show a 100% watermark authentication success rate under aggressive watermark removal attacks.
arXiv Detail & Related papers (2023-02-08T05:55:16Z) - Reversible Watermarking in Deep Convolutional Neural Networks for
Integrity Authentication [78.165255859254]
We propose a reversible watermarking algorithm for integrity authentication.
The influence of embedding reversible watermarking on the classification performance is less than 0.5%.
At the same time, the integrity of the model can be verified by applying the reversible watermarking.
arXiv Detail & Related papers (2021-04-09T09:32:21Z) - Robust Black-box Watermarking for Deep NeuralNetwork using Inverse
Document Frequency [1.2502377311068757]
We propose a framework for watermarking a Deep Neural Networks (DNNs) model designed for a textual domain.
The proposed embedding procedure takes place in the model's training time, making the watermark verification stage straightforward.
The experimental results show that watermarked models have the same accuracy as the original ones.
arXiv Detail & Related papers (2021-03-09T17:56:04Z) - Deep Model Intellectual Property Protection via Deep Watermarking [122.87871873450014]
Deep neural networks are exposed to serious IP infringement risks.
Given a target deep model, if the attacker knows its full information, it can be easily stolen by fine-tuning.
We propose a new model watermarking framework for protecting deep networks trained for low-level computer vision or image processing tasks.
arXiv Detail & Related papers (2021-03-08T18:58:21Z) - Fine-tuning Is Not Enough: A Simple yet Effective Watermark Removal
Attack for DNN Models [72.9364216776529]
We propose a novel watermark removal attack from a different perspective.
We design a simple yet powerful transformation algorithm by combining imperceptible pattern embedding and spatial-level transformations.
Our attack can bypass state-of-the-art watermarking solutions with very high success rates.
arXiv Detail & Related papers (2020-09-18T09:14:54Z) - Model Watermarking for Image Processing Networks [120.918532981871]
How to protect the intellectual property of deep models is a very important but seriously under-researched problem.
We propose the first model watermarking framework for protecting image processing models.
arXiv Detail & Related papers (2020-02-25T18:36:18Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.