Abstract:As deep learning technology matures, it’s being widely deployed in fields like image classification and speech recognition. However, training a functional deep learning model requires vast computing power and a large training dataset, leading to the emergence of a new business model of selling pre-trained models. However, these models are highly susceptible to theft, which poses a threat to the interests of their creators. Moreover, the network topology and weight parameters are considered intellectual property. To address these challenges, a method that can tag trained models to claim ownership without affecting their performance is necessary. Therefore, we propose a novel neural network watermarking protocol. In this method, the trigger set is constructed differently from previous methods by using a key obtained from the authority to generate a scrambling sequence, followed by using the sequence to scramble the pixels and assign their original labels. Finally, the trigger set is put into the network training together with the original training set to complete the watermark embedding. Since Logistic chaos mapping is nonlinear, unpredictable, and sensitive to initial values, we use Logistic chaos mapping as the generation method of dislocation sequence. We involve a third-party copyright center in the embedding process to prevent forgery attacks. The third-party only needs to store the disruption key and timestamp for each owner, reducing their storage burden. Our experimental results demonstrate that the ResNet model exhibits a mere 0.05 percentage point decrease in accuracy when using fine-tuning for watermark embedding, and a mere 0.03 percentage point decrease when using the training-from-scratch method. On the other hand, when using the SENet model, embedding watermarks via fine-tuning resulted in a 1.35 percentage point decrease in classification accuracy, while embedding watermarks from training-from-scratch resulted in a 0.94 percentage point increase in classification accuracy. Furthermore, our model exhibited robustness against various attacks in the robustness experiments, including model fine-tuning, model compression, and watermark overlay.

Protecting IP of Deep Neural Networks with Watermarking Using Logistic Disorder Generation Trigger Sets

Leveraging Unlabeled Data for Watermark Removal of Deep Neural Networks

Protecting the Ownership of Deep Learning Models with an End-to-End Watermarking Framework.

A Spatiotemporal Chaos Based Deep Learning Model Watermarking Scheme

Deep Neural Network Watermarking Against Model Extraction Attack

Digital watermarking for deep neural networks

Persistent and Unforgeable Watermarks for Deep Neural Networks.

Subnetwork-Lossless Robust Watermarking for Hostile Theft Attacks in Deep Transfer Learning Models

Deep Model Intellectual Property Protection Via Deep Watermarking

Protecting the Intellectual Property of Deep Neural Networks with Watermarking: The Frequency Domain Approach

Fragile Neural Network Watermarking with Trigger Image Set

Embedding Watermarks into Deep Neural Networks

Protecting the Intellectual Properties of Deep Neural Networks with an Additional Class and Steganographic Images

On Function-Coupled Watermarks for Deep Neural Networks

Wet Paper Coding-Based Deep Neural Network Watermarking

Free Fine-tuning: A Plug-and-Play Watermarking Scheme for Deep Neural Networks

Watermarking Deep Neural Networks With Greedy Residuals

Removing Backdoor-Based Watermarks in Neural Networks with Limited Data.

Deep neural networks watermark via universal deep hiding and metric learning

Watermarking Neural Networks with Watermarked Images

A Novel Watermarking Mechanism for Deep Learning Models Based on Chaotic Boundaries