DICTION: DynamIC robusT whIte bOx watermarkiNg scheme for deep neural networks
- URL: http://arxiv.org/abs/2210.15745v2
- Date: Mon, 19 May 2025 11:10:53 GMT
- Title: DICTION: DynamIC robusT whIte bOx watermarkiNg scheme for deep neural networks
- Authors: Reda Bellafqira, Gouenou Coatrieux
- Abstract summary: Deep neural network (DNN) watermarking is a suitable method for protecting the ownership of deep learning (DL) models. In this paper, we first provide a unified framework for white box DNN watermarking schemes. Next, we introduce DICTION, a new white-box Dynamic Robust watermarking scheme.
- Score: 2.8648861222787882
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Deep neural network (DNN) watermarking is a suitable method for protecting the ownership of deep learning (DL) models. It secretly embeds an identifier (watermark) within the model, which can be retrieved by the owner to prove ownership. In this paper, we first provide a unified framework for white box DNN watermarking schemes. It includes current state-of-the-art methods, outlining their theoretical inter-connections. Next, we introduce DICTION, a new white-box Dynamic Robust watermarking scheme that we derived from this framework. Its main originality lies in a generative adversarial network (GAN) strategy where the watermark extraction function is a DNN trained as a GAN discriminator, taking the target model to watermark as a GAN generator with a latent space as the input of the GAN trigger set. DICTION can be seen as a generalization of DeepSigns which, to the best of our knowledge, is the only other Dynamic white-box watermarking scheme from the literature. Experiments conducted on the same model test set as DeepSigns demonstrate that our scheme achieves much better performance. In particular, with DICTION, one can increase the watermark capacity while preserving the target model accuracy at best and simultaneously ensuring strong watermark robustness against a wide range of watermark removal and detection attacks.
Related papers
- Optimization-Free Universal Watermark Forgery with Regenerative Diffusion Models [50.73220224678009]
Watermarking can be used to verify the origin of synthetic images generated by artificial intelligence models. Recent studies demonstrate the capability to forge watermarks from a target image onto cover images via adversarial techniques. In this paper, we uncover a greater risk of an optimization-free and universal watermark forgery. Our approach significantly broadens the scope of attacks, presenting a greater challenge to the security of current watermarking techniques.
arXiv Detail & Related papers (2025-06-06T12:08:02Z)
- FreeMark: A Non-Invasive White-Box Watermarking for Deep Neural Networks [5.937758152593733]
FreeMark is a novel framework for watermarking deep neural networks (DNNs).
Unlike traditional watermarking methods, FreeMark innovatively generates secret keys from a pre-generated watermark vector and the host model using gradient descent.
Experiments demonstrate that FreeMark effectively resists various watermark removal attacks while maintaining high watermark capacity.
arXiv Detail & Related papers (2024-09-16T05:05:03Z)
- Watermarking Recommender Systems [52.207721219147814]
We introduce Autoregressive Out-of-distribution Watermarking (AOW), a novel technique tailored specifically for recommender systems.
Our approach entails selecting an initial item and querying it through the oracle model, followed by the selection of subsequent items with small prediction scores.
To assess the efficacy of the watermark, the model is tasked with predicting the subsequent item given a truncated watermark sequence.
arXiv Detail & Related papers (2024-07-17T06:51:24Z)
- DeepEclipse: How to Break White-Box DNN-Watermarking Schemes [60.472676088146436]
We present obfuscation techniques that significantly differ from the existing white-box watermarking removal schemes.
DeepEclipse can evade watermark detection without prior knowledge of the underlying watermarking scheme.
Our evaluation reveals that DeepEclipse excels in breaking multiple white-box watermarking schemes.
arXiv Detail & Related papers (2024-03-06T10:24:47Z)
- Wide Flat Minimum Watermarking for Robust Ownership Verification of GANs [23.639074918667625]
We propose a novel multi-bit box-free watermarking method for GANs with improved robustness against white-box attacks.
The watermark is embedded by adding an extra watermarking loss term during GAN training.
We show that the presence of the watermark has a negligible impact on the quality of the generated images.
arXiv Detail & Related papers (2023-10-25T18:38:10Z)
- ClearMark: Intuitive and Robust Model Watermarking via Transposed Model Training [50.77001916246691]
This paper introduces ClearMark, the first DNN watermarking method designed for intuitive human assessment.
ClearMark embeds visible watermarks, enabling human decision-making without rigid value thresholds.
It shows an 8,544-bit watermark capacity comparable to the strongest existing work.
arXiv Detail & Related papers (2023-10-25T08:16:55Z)
- Towards Robust Model Watermark via Reducing Parametric Vulnerability [57.66709830576457]
Backdoor-based ownership verification has become popular recently, in which the model owner can watermark the model.
We propose a mini-max formulation to find these watermark-removed models and recover their watermark behavior.
Our method improves the robustness of the model watermarking against parametric changes and numerous watermark-removal attacks.
arXiv Detail & Related papers (2023-09-09T12:46:08Z)
- Rethinking White-Box Watermarks on Deep Learning Models under Neural Structural Obfuscation [24.07604618918671]
Copyright protection for deep neural networks (DNNs) is an urgent need for AI corporations.
White-box watermarking is believed to be accurate, credible and secure against most known watermark removal attacks.
We present the first systematic study on how the mainstream white-box watermarks are commonly vulnerable to neural structural obfuscation with dummy neurons.
arXiv Detail & Related papers (2023-03-17T02:21:41Z)
- Exploring Structure Consistency for Deep Model Watermarking [122.38456787761497]
The intellectual property (IP) of Deep neural networks (DNNs) can be easily "stolen" by surrogate model attack.
We propose a new watermarking methodology, namely "structure consistency", based on which a new deep structure-aligned model watermarking algorithm is designed.
arXiv Detail & Related papers (2021-08-05T04:27:15Z)
- Robust Black-box Watermarking for Deep Neural Network using Inverse Document Frequency [1.2502377311068757]
We propose a framework for watermarking a Deep Neural Networks (DNNs) model designed for a textual domain.
The proposed embedding procedure takes place in the model's training time, making the watermark verification stage straightforward.
The experimental results show that watermarked models have the same accuracy as the original ones.
arXiv Detail & Related papers (2021-03-09T17:56:04Z)
- Fine-tuning Is Not Enough: A Simple yet Effective Watermark Removal Attack for DNN Models [72.9364216776529]
We propose a novel watermark removal attack from a different perspective.
We design a simple yet powerful transformation algorithm by combining imperceptible pattern embedding and spatial-level transformations.
Our attack can bypass state-of-the-art watermarking solutions with very high success rates.
arXiv Detail & Related papers (2020-09-18T09:14:54Z)