ClearMark: Intuitive and Robust Model Watermarking via Transposed Model
Training
- URL: http://arxiv.org/abs/2310.16453v1
- Date: Wed, 25 Oct 2023 08:16:55 GMT
- Title: ClearMark: Intuitive and Robust Model Watermarking via Transposed Model
Training
- Authors: Torsten Krau{\ss} and Jasper Stang and Alexandra Dmitrienko
- Abstract summary: This paper introduces ClearMark, the first DNN watermarking method designed for intuitive human assessment.
ClearMark embeds visible watermarks, enabling human decision-making without rigid value thresholds.
It shows an 8,544-bit watermark capacity comparable to the strongest existing work.
- Score: 50.77001916246691
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Due to costly efforts during data acquisition and model training, Deep Neural
Networks (DNNs) belong to the intellectual property of the model creator.
Hence, unauthorized use, theft, or modification may lead to legal
repercussions. Existing DNN watermarking methods for ownership proof are often
non-intuitive, embed human-invisible marks, require trust in algorithmic
assessment that lacks human-understandable attributes, and rely on rigid
thresholds, making them susceptible to failure when the watermark is only
partially erased.
This paper introduces ClearMark, the first DNN watermarking method designed
for intuitive human assessment. ClearMark embeds visible watermarks, enabling
human decision-making without rigid value thresholds while allowing
technology-assisted evaluations. ClearMark defines a transposed model
architecture that allows the model to be used in a backward fashion, interweaving
the watermark with the main task across all model parameters. Compared to
existing watermarking methods, ClearMark produces visual watermarks that are
easy for humans to understand without requiring complex verification algorithms
or strict thresholds. The watermark is embedded within all model parameters and
entangled with the main task, exhibiting superior robustness. It shows an
8,544-bit watermark capacity comparable to the strongest existing work.
Crucially, ClearMark is model- and dataset-agnostic and resilient against
adversarial model manipulations, as demonstrated in a comprehensive study
with four datasets and seven architectures.
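To make the transposed-training idea concrete, the following is a minimal, illustrative sketch and not the authors' implementation: a toy PyTorch model whose linear layers are reused with transposed weight matrices, so the network can be run backwards from a secret key toward a visible watermark image while the same parameters keep solving the main classification task. All names, dimensions, the random stand-in data, and the equal loss weighting are assumptions made purely for illustration.

```python
# Illustrative sketch only (not ClearMark's code): a tiny MLP whose linear layers
# are reused with transposed weight matrices to run the model "backwards".
# Forward pass: main classification task. Transposed pass: map a secret key to a
# visible watermark image. Both losses update the same shared parameters.
import torch
import torch.nn as nn
import torch.nn.functional as F

class TransposableMLP(nn.Module):
    def __init__(self, in_dim=784, hidden=256, num_classes=10):
        super().__init__()
        self.fc1 = nn.Linear(in_dim, hidden)
        self.fc2 = nn.Linear(hidden, num_classes)

    def forward(self, x):                       # main task: image -> class logits
        return self.fc2(F.relu(self.fc1(x)))

    def transposed(self, key):                  # watermark task: key -> image
        # Reuse the same weight matrices, transposed, so the watermark lives in
        # exactly the parameters that solve the main task.
        h = F.relu(F.linear(key, self.fc2.weight.t()))
        return torch.sigmoid(F.linear(h, self.fc1.weight.t()))

model = TransposableMLP()
opt = torch.optim.Adam(model.parameters(), lr=1e-3)
key = torch.randn(1, 10)                        # hypothetical secret key
watermark = torch.rand(1, 784)                  # target: a visible watermark image

x, y = torch.randn(32, 784), torch.randint(0, 10, (32,))  # stand-in training batch
for _ in range(100):
    opt.zero_grad()
    task_loss = F.cross_entropy(model(x), y)            # main task objective
    wm_loss = F.mse_loss(model.transposed(key), watermark)  # watermark objective
    (task_loss + wm_loss).backward()                     # joint update entangles both
    opt.step()

# Verification is visual: render model.transposed(key) as an image and let a
# human judge whether the embedded watermark is recognizable.
```

Because both losses update the same shared weights, an attacker should not be able to strip the watermark without also degrading the main task, which is the entanglement property the abstract describes.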
Related papers
- Beyond Dataset Watermarking: Model-Level Copyright Protection for Code Summarization Models [37.817691840557984]
Code summarization models (CSMs) face risks of exploitation by unauthorized users.
Traditional watermarking methods require separate design of triggers and watermark features.
We propose ModMark, a novel model-level digital watermark embedding method.
arXiv Detail & Related papers (2024-10-18T00:48:00Z)
- FreeMark: A Non-Invasive White-Box Watermarking for Deep Neural Networks [5.937758152593733]
FreeMark is a novel framework for watermarking deep neural networks (DNNs).
Unlike traditional watermarking methods, FreeMark innovatively generates secret keys from a pre-generated watermark vector and the host model using gradient descent.
Experiments demonstrate that FreeMark effectively resists various watermark removal attacks while maintaining high watermark capacity.
arXiv Detail & Related papers (2024-09-16T05:05:03Z)
- Unbiased Watermark for Large Language Models [67.43415395591221]
This study examines how significantly watermarks impact the quality of model-generated outputs.
It is possible to integrate watermarks without affecting the output probability distribution.
The presence of watermarks does not compromise the performance of the model in downstream tasks.
arXiv Detail & Related papers (2023-09-22T12:46:38Z)
- Towards Robust Model Watermark via Reducing Parametric Vulnerability [57.66709830576457]
Backdoor-based ownership verification has recently become popular, allowing the model owner to watermark the model.
We propose a mini-max formulation to find watermark-removed models and recover their watermark behavior.
Our method improves the robustness of the model watermarking against parametric changes and numerous watermark-removal attacks.
arXiv Detail & Related papers (2023-09-09T12:46:08Z)
- Did You Train on My Dataset? Towards Public Dataset Protection with Clean-Label Backdoor Watermarking [54.40184736491652]
We propose a backdoor-based watermarking approach that serves as a general framework for safeguarding publicly available data.
By inserting a small number of watermarking samples into the dataset, our approach enables the learning model to implicitly learn a secret function set by defenders.
This hidden function can then be used as a watermark to track down third-party models that use the dataset illegally (a generic sketch of this trigger-set verification idea follows the list below).
arXiv Detail & Related papers (2023-03-20T21:54:30Z)
- Robust Black-box Watermarking for Deep Neural Network using Inverse Document Frequency [1.2502377311068757]
We propose a framework for watermarking a Deep Neural Network (DNN) model designed for textual domains.
The proposed embedding procedure takes place in the model's training time, making the watermark verification stage straightforward.
The experimental results show that watermarked models have the same accuracy as the original ones.
arXiv Detail & Related papers (2021-03-09T17:56:04Z)
- Don't Forget to Sign the Gradients! [60.98885980669777]
GradSigns is a novel watermarking framework for deep neural networks (DNNs).
arXiv Detail & Related papers (2021-03-05T14:24:32Z)
- Fine-tuning Is Not Enough: A Simple yet Effective Watermark Removal Attack for DNN Models [72.9364216776529]
We propose a novel watermark removal attack from a different perspective.
We design a simple yet powerful transformation algorithm by combining imperceptible pattern embedding and spatial-level transformations.
Our attack can bypass state-of-the-art watermarking solutions with very high success rates.
arXiv Detail & Related papers (2020-09-18T09:14:54Z)
- Removing Backdoor-Based Watermarks in Neural Networks with Limited Data [26.050649487499626]
Trading deep models is in high demand and lucrative nowadays.
However, naive trading schemes typically involve potential risks related to copyright and trustworthiness.
We propose a novel backdoor-based watermark removal framework using limited data, dubbed WILD.
arXiv Detail & Related papers (2020-08-02T06:25:26Z)
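Several of the entries above (the robust model watermark, the clean-label dataset watermarking, and the WILD removal framework) revolve around the same black-box trigger-set idea: the owner keeps a small secret set of inputs with pre-assigned labels and checks whether a suspect model reproduces them far above chance. The sketch below is a generic, hypothetical illustration of that verification step, not code from any of the listed papers; the 0.8 threshold and the class count are placeholder assumptions, and the fixed threshold exemplifies exactly the rigid decision rule that ClearMark's human-visible check is designed to avoid.

```python
# Generic, hypothetical sketch of black-box trigger-set watermark verification
# (not taken from any of the papers listed above).
import torch

@torch.no_grad()
def trigger_accuracy(model, triggers, secret_labels):
    """Fraction of secret trigger inputs the suspect model labels as the owner intended."""
    preds = model(triggers).argmax(dim=1)
    return (preds == secret_labels).float().mean().item()

def verify_ownership(model, triggers, secret_labels, num_classes=10, threshold=0.8):
    # threshold is a placeholder: agreement far above the 1/num_classes chance
    # level is taken as evidence the suspect model derives from the watermarked one.
    acc = trigger_accuracy(model, triggers, secret_labels)
    return acc >= threshold, acc, 1.0 / num_classes

# Usage (suspect is any classifier mapping (N, 784) -> (N, 10) logits):
# decision, acc, chance = verify_ownership(suspect, trigger_inputs, trigger_labels)
```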