Author:
Zhu Renjie, Zhang Xinpeng, Shi Mengte, Tang Zhenjun
Abstract
In order to protect the intellectual property of a neural network, an owner may select a set of trigger samples and their corresponding labels to train a network, and prove ownership with the trigger set without revealing the inner mechanism and parameters of the network. However, if an attacker is allowed to access the neural network, he can forge a matching relationship between fake trigger samples and fake labels to confuse the ownership. In this paper, we propose a novel neural network watermarking protocol against the forging attack. By introducing a one-way hash function, the trigger samples used to prove ownership must form a one-way chain, and their labels are also assigned. In this way, an attacker without the right of network training cannot construct a chain of trigger samples or the matching relationship between the trigger samples and the assigned labels. Our experiments show that the proposed protocol can resist watermark forgery without sacrificing network performance.
Funder
Natural Science Foundation of China
Publisher
Springer Science and Business Media LLC
Subject
Electrical and Electronic Engineering, Information Systems, Signal Processing
Reference
13 articles.
1. Uchida, Y., Nagai, Y., Sakazawa, S., Satoh, S.: Embedding watermarks into deep neural networks. In: Proceedings of the 2017 ACM on International Conference on Multimedia Retrieval, pp. 269–277 (2017). ACM
2. Wang, T., Kerschbaum, F.: Attacks on digital watermarks for deep neural networks. In: ICASSP 2019-2019 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), pp. 2622–2626 (2019). IEEE
3. Darvish Rouhani, B., Chen, H., Koushanfar, F.: Deepsigns: An end-to-end watermarking framework for ownership protection of deep neural networks. In: Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems, pp. 485–497 (2019). ACM
4. Adi, Y., Baum, C., Cisse, M., Pinkas, B., Keshet, J.: Turning your weakness into a strength: Watermarking deep neural networks by backdooring. In: 27th USENIX Security Symposium (USENIX Security 18), pp. 1615–1631 (2018)
5. Le Merrer, E., Perez, P., Tredan, G.: Adversarial frontier stitching for remote neural network watermarking. Neural Computing and Applications, 1–12 (2019)
Cited by
31 articles.