A Game Between the Defender and the Attacker for Trigger-based Black-box Model Watermarking

• URL: http://arxiv.org/abs/2501.01194v1
• Date: Thu, 02 Jan 2025 11:07:38 GMT
• Title: A Game Between the Defender and the Attacker for Trigger-based Black-box Model Watermarking
• Authors: Chaoyue Huang, Hanzhou Wu,
• Abstract summary: This paper introduces a game between the model attacker and the model defender for trigger-based black-box model watermarking. For each of the two players, we construct the payoff function and determine the optimal response.
• Score: 10.363612241019652
• License:
• Abstract: Watermarking deep neural network (DNN) models has attracted a great deal of attention and interest in recent years because of the increasing demand to protect the intellectual property of DNN models. Many practical algorithms have been proposed by covertly embedding a secret watermark into a given DNN model through either parametric/structural modulation or backdooring against intellectual property infringement from the attacker while preserving the model performance on the original task. Despite the performance of these approaches, the lack of basic research restricts the algorithmic design to either a trial-based method or a data-driven technique. This has motivated the authors in this paper to introduce a game between the model attacker and the model defender for trigger-based black-box model watermarking. For each of the two players, we construct the payoff function and determine the optimal response, which enriches the theoretical foundation of model watermarking and may inspire us to develop novel schemes in the future.

Related papers

• SleeperMark: Towards Robust Watermark against Fine-Tuning Text-to-image Diffusion Models [77.80595722480074]
  SleeperMark is a novel framework designed to embed resilient watermarks into T2I diffusion models. It guides the model to disentangle the watermark information from the semantic concepts it learns, allowing the model to retain the embedded watermark. Our experiments demonstrate the effectiveness of SleeperMark across various types of diffusion models.
  arXiv  Detail & Related papers  (2024-12-06T08:44:18Z)
• Performance-lossless Black-box Model Watermarking [69.22653003059031]
  We propose a branch backdoor-based model watermarking protocol to protect model intellectual property. In addition, we analyze the potential threats to the protocol and provide a secure and feasible watermarking instance for language models.
  arXiv  Detail & Related papers  (2023-12-11T16:14:04Z)
• Rethinking White-Box Watermarks on Deep Learning Models under Neural Structural Obfuscation [24.07604618918671]
  Copyright protection for deep neural networks (DNNs) is an urgent need for AI corporations. White-box watermarking is believed to be accurate, credible and secure against most known watermark removal attacks. We present the first systematic study on how the mainstream white-box watermarks are commonly vulnerable to neural structural obfuscation with textitdummy neurons.
  arXiv  Detail & Related papers  (2023-03-17T02:21:41Z)
• InFIP: An Explainable DNN Intellectual Property Protection Method based on Intrinsic Features [12.037142903022891]
  We propose an interpretable intellectual property protection method for Deep Neural Networks (DNNs) based on explainable artificial intelligence. The proposed method does not modify the DNN model, and the decision of the ownership verification is interpretable. Experimental results demonstrate that the fingerprints can be successfully used to verify the ownership of the model.
  arXiv  Detail & Related papers  (2022-10-14T03:12:36Z)
• DynaMarks: Defending Against Deep Learning Model Extraction Using Dynamic Watermarking [3.282282297279473]
  The functionality of a deep learning (DL) model can be stolen via model extraction. We propose a novel watermarking technique called DynaMarks to protect the intellectual property (IP) of DL models.
  arXiv  Detail & Related papers  (2022-07-27T06:49:39Z)
• PCPT and ACPT: Copyright Protection and Traceability Scheme for DNN Models [13.043683635373213]
  Deep neural networks (DNNs) have achieved tremendous success in artificial intelligence (AI) fields. DNN models can be easily illegally copied, redistributed, or abused by criminals.
  arXiv  Detail & Related papers  (2022-06-06T12:12:47Z)
• "And Then There Were None": Cracking White-box DNN Watermarks via Invariant Neuron Transforms [29.76685892624105]
  We present the first effective removal attack which cracks almost all the existing white-box watermarking schemes. Our attack requires no prior knowledge on the training data distribution or the adopted watermark algorithms, and leaves model functionality intact.
  arXiv  Detail & Related papers  (2022-04-30T08:33:32Z)
• Exploring Structure Consistency for Deep Model Watermarking [122.38456787761497]
  The intellectual property (IP) of Deep neural networks (DNNs) can be easily stolen'' by surrogate model attack. We propose a new watermarking methodology, namely structure consistency'', based on which a new deep structure-aligned model watermarking algorithm is designed.
  arXiv  Detail & Related papers  (2021-08-05T04:27:15Z)
• Deep Model Intellectual Property Protection via Deep Watermarking [122.87871873450014]
  Deep neural networks are exposed to serious IP infringement risks. Given a target deep model, if the attacker knows its full information, it can be easily stolen by fine-tuning. We propose a new model watermarking framework for protecting deep networks trained for low-level computer vision or image processing tasks.
  arXiv  Detail & Related papers  (2021-03-08T18:58:21Z)
• Orthogonal Deep Models As Defense Against Black-Box Attacks [71.23669614195195]
  We study the inherent weakness of deep models in black-box settings where the attacker may develop the attack using a model similar to the targeted model. We introduce a novel gradient regularization scheme that encourages the internal representation of a deep model to be orthogonal to another. We verify the effectiveness of our technique on a variety of large-scale models.
  arXiv  Detail & Related papers  (2020-06-26T08:29:05Z)
• Model Watermarking for Image Processing Networks [120.918532981871]
  How to protect the intellectual property of deep models is a very important but seriously under-researched problem. We propose the first model watermarking framework for protecting image processing models.
  arXiv  Detail & Related papers  (2020-02-25T18:36:18Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.