Related papers: Knowledge-Free Black-Box Watermark and Ownership Proof for Image Classification Neural Networks

Knowledge-Free Black-Box Watermark and Ownership Proof for Image Classification Neural Networks

URL: http://arxiv.org/abs/2204.04522v1
Date: Sat, 9 Apr 2022 18:09:02 GMT
Title: Knowledge-Free Black-Box Watermark and Ownership Proof for Image Classification Neural Networks
Authors: Fangqi Li and Shilin Wang
Abstract summary: We propose a knowledge-free black-box watermarking scheme for image classification neural networks. A delicate encoding and verification protocol is designed to ensure the scheme's knowledgable security against adversaries. Experiment results proved the functionality-preserving capability and security of the proposed watermarking scheme.
Score: 9.117248639119529
License: http://creativecommons.org/licenses/by/4.0/
Abstract: Watermarking has become a plausible candidate for ownership verification and intellectual property protection of deep neural networks. Regarding image classification neural networks, current watermarking schemes uniformly resort to backdoor triggers. However, injecting a backdoor into a neural network requires knowledge of the training dataset, which is usually unavailable in the real-world commercialization. Meanwhile, established watermarking schemes oversight the potential damage of exposed evidence during ownership verification and the watermarking algorithms themselves. Those concerns decline current watermarking schemes from industrial applications. To confront these challenges, we propose a knowledge-free black-box watermarking scheme for image classification neural networks. The image generator obtained from a data-free distillation process is leveraged to stabilize the network's performance during the backdoor injection. A delicate encoding and verification protocol is designed to ensure the scheme's security against knowledgable adversaries. We also give a pioneering analysis of the capacity of the watermarking scheme. Experiment results proved the functionality-preserving capability and security of the proposed watermarking scheme.