Anti-Neuron Watermarking: Protecting Personal Data Against Unauthorized
Neural Model Training
- URL: http://arxiv.org/abs/2109.09023v1
- Date: Sat, 18 Sep 2021 22:10:37 GMT
- Title: Anti-Neuron Watermarking: Protecting Personal Data Against Unauthorized
Neural Model Training
- Authors: Zihang Zou, Boqing Gong, Liqiang Wang
- Abstract summary: Personal data (e.g. images) could be exploited inappropriately to train deep neural network models without authorization.
By embedding a watermarking signature using specialized linear color transformation to user images, neural models will be imprinted with such a signature.
This is the first work to protect users' personal data from unauthorized usage in neural network training.
- Score: 50.308254937851814
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: In this paper, we raise up an emerging personal data protection problem where
user personal data (e.g. images) could be inappropriately exploited to train
deep neural network models without authorization. To solve this problem, we
revisit traditional watermarking in advanced machine learning settings. By
embedding a watermarking signature using specialized linear color
transformation to user images, neural models will be imprinted with such a
signature if training data include watermarked images. Then, a third-party
verifier can verify potential unauthorized usage by inferring the watermark
signature from neural models. We further explore the desired properties of
watermarking and signature space for convincing verification. Through extensive
experiments, we show empirically that linear color transformation is effective
in protecting user's personal images for various realistic settings. To the
best of our knowledge, this is the first work to protect users' personal data
from unauthorized usage in neural network training.
Related papers
- Towards Robust Model Watermark via Reducing Parametric Vulnerability [57.66709830576457]
backdoor-based ownership verification becomes popular recently, in which the model owner can watermark the model.
We propose a mini-max formulation to find these watermark-removed models and recover their watermark behavior.
Our method improves the robustness of the model watermarking against parametric changes and numerous watermark-removal attacks.
arXiv Detail & Related papers (2023-09-09T12:46:08Z) - Safe and Robust Watermark Injection with a Single OoD Image [90.71804273115585]
Training a high-performance deep neural network requires large amounts of data and computational resources.
We propose a safe and robust backdoor-based watermark injection technique.
We induce random perturbation of model parameters during watermark injection to defend against common watermark removal attacks.
arXiv Detail & Related papers (2023-09-04T19:58:35Z) - DIAGNOSIS: Detecting Unauthorized Data Usages in Text-to-image Diffusion Models [79.71665540122498]
We propose a method for detecting unauthorized data usage by planting the injected content into the protected dataset.
Specifically, we modify the protected images by adding unique contents on these images using stealthy image warping functions.
By analyzing whether the model has memorized the injected content, we can detect models that had illegally utilized the unauthorized data.
arXiv Detail & Related papers (2023-07-06T16:27:39Z) - Did You Train on My Dataset? Towards Public Dataset Protection with
Clean-Label Backdoor Watermarking [54.40184736491652]
We propose a backdoor-based watermarking approach that serves as a general framework for safeguarding public-available data.
By inserting a small number of watermarking samples into the dataset, our approach enables the learning model to implicitly learn a secret function set by defenders.
This hidden function can then be used as a watermark to track down third-party models that use the dataset illegally.
arXiv Detail & Related papers (2023-03-20T21:54:30Z) - On Function-Coupled Watermarks for Deep Neural Networks [15.478746926391146]
We propose a novel DNN watermarking solution that can effectively defend against watermark removal attacks.
Our key insight is to enhance the coupling of the watermark and model functionalities.
Results show a 100% watermark authentication success rate under aggressive watermark removal attacks.
arXiv Detail & Related papers (2023-02-08T05:55:16Z) - Knowledge-Free Black-Box Watermark and Ownership Proof for Image
Classification Neural Networks [9.117248639119529]
We propose a knowledge-free black-box watermarking scheme for image classification neural networks.
A delicate encoding and verification protocol is designed to ensure the scheme's knowledgable security against adversaries.
Experiment results proved the functionality-preserving capability and security of the proposed watermarking scheme.
arXiv Detail & Related papers (2022-04-09T18:09:02Z) - Protecting the Intellectual Properties of Deep Neural Networks with an
Additional Class and Steganographic Images [7.234511676697502]
We propose a method to protect the intellectual properties of deep neural networks (DNN) models by using an additional class and steganographic images.
We adopt the least significant bit (LSB) image steganography to embed users' fingerprints into watermark key images.
On Fashion-MNIST and CIFAR-10 datasets, the proposed method can obtain 100% watermark accuracy and 100% fingerprint authentication success rate.
arXiv Detail & Related papers (2021-04-19T11:03:53Z) - Removing Backdoor-Based Watermarks in Neural Networks with Limited Data [26.050649487499626]
Trading deep models is highly demanded and lucrative nowadays.
naive trading schemes typically involve potential risks related to copyright and trustworthiness issues.
We propose a novel backdoor-based watermark removal framework using limited data, dubbed WILD.
arXiv Detail & Related papers (2020-08-02T06:25:26Z) - Model Watermarking for Image Processing Networks [120.918532981871]
How to protect the intellectual property of deep models is a very important but seriously under-researched problem.
We propose the first model watermarking framework for protecting image processing models.
arXiv Detail & Related papers (2020-02-25T18:36:18Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.