AWEncoder: Adversarial Watermarking Pre-trained Encoders in Contrastive Learning

@article{Zhang2022AWEncoderAW,
  title={AWEncoder: Adversarial Watermarking Pre-trained Encoders in Contrastive Learning},
  author={Tianxing Zhang and Hanzhou Wu and Xiaofeng Lu and Guangling Sun},
  journal={ArXiv},
  year={2022},
  volume={abs/2208.03948}
}
As a self-supervised learning paradigm, contrastive learning has been widely used to pre-train a powerful encoder as an effective feature extractor for various downstream tasks. This process requires a large amount of unlabeled training data and computational resources, which makes the pre-trained encoder valuable intellectual property of its owner. However, the lack of a priori knowledge of downstream tasks makes it non-trivial to protect the intellectual property of the pre-trained encoder by…
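The abstract is truncated here and no code accompanies it; as a general illustration of the workflow it describes, the following PyTorch sketch (PyTorch, the toy encoder, and the 10-class head are my assumptions, not details from the paper) shows how a frozen pre-trained encoder serves as a feature extractor for a downstream task.

```python
import torch
import torch.nn as nn

# Stand-in for the owner's valuable pre-trained encoder: any module
# that maps images to feature vectors (here a tiny random CNN).
encoder = nn.Sequential(
    nn.Conv2d(3, 32, 3, stride=2, padding=1), nn.ReLU(),
    nn.Conv2d(32, 64, 3, stride=2, padding=1), nn.ReLU(),
    nn.AdaptiveAvgPool2d(1), nn.Flatten(),
)

# Freeze the encoder; the downstream task only trains a small head on top.
for p in encoder.parameters():
    p.requires_grad = False

head = nn.Linear(64, 10)                # assumed 10 downstream classes
opt = torch.optim.Adam(head.parameters(), lr=1e-3)

x = torch.randn(8, 3, 32, 32)           # dummy batch of images
y = torch.randint(0, 10, (8,))          # dummy labels

with torch.no_grad():
    feats = encoder(x)                  # task-agnostic features
opt.zero_grad()
loss = nn.functional.cross_entropy(head(feats), y)
loss.backward()
opt.step()
```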

Citations

Robust and Lossless Fingerprinting of Deep Neural Networks via Pooled Membership Inference

The authors propose a novel technique called pooled membership inference (PMI) to protect the IP of DNN models by inferring which mini-dataset, among multiple mini-datasets, was used to train the target DNN model; this differs from previous art and has remarkable potential in practice.
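The exact PMI statistic is not reproduced in this summary; the sketch below only illustrates the underlying intuition, using assumed names and a loss-based criterion of my own choosing: a model typically fits the mini-dataset it was trained on better than the alternatives.

```python
import torch
import torch.nn as nn

def avg_loss(model, xs, ys):
    """Mean cross-entropy of `model` on a mini-dataset (lower = better fit)."""
    with torch.no_grad():
        return nn.functional.cross_entropy(model(xs), ys).item()

def infer_training_pool(model, mini_datasets):
    """Guess which mini-dataset the model was trained on: the one it fits best.
    This loss-based test is an illustrative stand-in for the paper's pooled
    membership-inference statistic."""
    losses = [avg_loss(model, xs, ys) for xs, ys in mini_datasets]
    return min(range(len(losses)), key=losses.__getitem__)

# Dummy demo with a toy model and random mini-datasets.
model = nn.Linear(16, 4)
pools = [(torch.randn(32, 16), torch.randint(0, 4, (32,))) for _ in range(3)]
print(infer_training_pool(model, pools))
```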

References

Showing 1-10 of 34 references.

Watermarking Pre-trained Encoders in Contrastive Learning

This work proposes the first watermarking methodology for pre-trained encoders, using a task-agnostic loss function to embed a backdoor into the encoder as the watermark; experiments indicate high effectiveness and robustness against different adversarial operations.
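As a rough illustration of what such a task-agnostic, backdoor-style watermark objective can look like (the specific loss, trigger, and target embedding below are assumptions, not the paper's exact formulation):

```python
import torch
import torch.nn.functional as F

def watermark_loss(encoder, frozen_encoder, x, trigger, target_emb):
    """Illustrative task-agnostic watermark objective (assumed form):
    keep clean behavior intact while binding a trigger pattern to a
    secret target embedding."""
    x_trig = torch.clamp(x + trigger, 0.0, 1.0)   # stamp the trigger
    with torch.no_grad():
        ref = frozen_encoder(x)                   # original clean features
    utility = F.mse_loss(encoder(x), ref)         # preserve clean inputs
    z = encoder(x_trig)
    watermark = 1.0 - F.cosine_similarity(z, target_emb.expand_as(z), dim=1).mean()
    return utility + watermark
```

Verification would then stamp the trigger onto probe inputs and test whether their embeddings cluster around the secret target.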

Momentum Contrast for Unsupervised Visual Representation Learning

We present Momentum Contrast (MoCo) for unsupervised visual representation learning. From a perspective on contrastive learning as dictionary look-up, we build a dynamic dictionary with a queue and a moving-averaged encoder, enabling a large and consistent dictionary on-the-fly that facilitates contrastive unsupervised learning.
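MoCo's two core mechanisms, the momentum-updated key encoder and the queue-based dictionary, can be sketched in a few lines of PyTorch (sizes and hyperparameters below are illustrative):

```python
import torch
import torch.nn.functional as F

dim, K = 128, 4096
queue = F.normalize(torch.randn(K, dim), dim=1)   # dictionary of negative keys

def momentum_update(encoder_q, encoder_k, m=0.999):
    """Key encoder follows the query encoder as an exponential moving average."""
    with torch.no_grad():
        for pq, pk in zip(encoder_q.parameters(), encoder_k.parameters()):
            pk.mul_(m).add_(pq, alpha=1 - m)

def moco_logits(q, k, queue, tau=0.07):
    """InfoNCE logits: one positive key per query plus K queue negatives."""
    q, k = F.normalize(q, dim=1), F.normalize(k, dim=1)
    l_pos = (q * k).sum(dim=1, keepdim=True)       # (N, 1) positives
    l_neg = q @ queue.t()                          # (N, K) negatives
    return torch.cat([l_pos, l_neg], dim=1) / tau

# The positive key sits at index 0, so the InfoNCE target is all zeros.
q, k = torch.randn(8, dim), torch.randn(8, dim)
logits = moco_logits(q, k, queue)
loss = F.cross_entropy(logits, torch.zeros(8, dtype=torch.long))
```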

Self-Supervised Visual Feature Learning With Deep Neural Networks: A Survey

Provides an extensive review of deep learning-based self-supervised visual feature learning methods, a subset of unsupervised learning, which learn general image and video features from large-scale unlabeled data without using any human-annotated labels.

Deep Residual Learning for Image Recognition

This work presents a residual learning framework to ease the training of networks that are substantially deeper than those used previously, and provides comprehensive empirical evidence that these residual networks are easier to optimize and can gain accuracy from considerably increased depth.
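The central idea, learning a residual F(x) and adding the input back through an identity shortcut, fits in a short PyTorch block (channel sizes are illustrative):

```python
import torch
import torch.nn as nn

class BasicBlock(nn.Module):
    """Residual block: the stacked layers learn a residual F(x) and the
    shortcut adds the input back, so the output is F(x) + x."""
    def __init__(self, channels):
        super().__init__()
        self.conv1 = nn.Conv2d(channels, channels, 3, padding=1, bias=False)
        self.bn1 = nn.BatchNorm2d(channels)
        self.conv2 = nn.Conv2d(channels, channels, 3, padding=1, bias=False)
        self.bn2 = nn.BatchNorm2d(channels)

    def forward(self, x):
        out = torch.relu(self.bn1(self.conv1(x)))
        out = self.bn2(self.conv2(out))
        return torch.relu(out + x)   # identity shortcut eases optimization

block = BasicBlock(64)
print(block(torch.randn(1, 64, 32, 32)).shape)  # torch.Size([1, 64, 32, 32])
```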

A Simple Framework for Contrastive Learning of Visual Representations

It is shown that the composition of data augmentations plays a critical role in defining effective predictive tasks, that introducing a learnable nonlinear transformation between the representation and the contrastive loss substantially improves the quality of the learned representations, and that contrastive learning benefits from larger batch sizes and more training steps than supervised learning.
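The learnable nonlinear projection head and the contrastive (NT-Xent) loss described above can be sketched as follows (PyTorch; batch size, dimensions, and temperature are illustrative):

```python
import torch
import torch.nn.functional as F

def nt_xent(z1, z2, tau=0.5):
    """NT-Xent loss over two augmented views of the same batch: each
    embedding's positive is its counterpart from the other view, and the
    remaining 2N-2 embeddings act as negatives."""
    z = F.normalize(torch.cat([z1, z2]), dim=1)        # (2N, d)
    sim = z @ z.t() / tau                              # cosine similarities
    n = z1.size(0)
    sim.masked_fill_(torch.eye(2 * n, dtype=torch.bool), float('-inf'))
    targets = torch.cat([torch.arange(n, 2 * n), torch.arange(0, n)])
    return F.cross_entropy(sim, targets)

# Learnable nonlinear projection head between representation and loss.
proj = torch.nn.Sequential(torch.nn.Linear(512, 512), torch.nn.ReLU(),
                           torch.nn.Linear(512, 128))
h1, h2 = torch.randn(8, 512), torch.randn(8, 512)      # two views' features
loss = nt_xent(proj(h1), proj(h2))
```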

ImageNet Large Scale Visual Recognition Challenge

The creation of this benchmark dataset and the advances in object recognition that have been possible as a result are described, and state-of-the-art computer vision accuracy is compared with human accuracy.

SSLGuard: A Watermarking Scheme for Self-supervised Learning Pre-trained Encoders

SSLGuard is the first watermarking scheme for pre-trained encoders; it is robust against model stealing and other watermark removal attacks such as input noising, output perturbing, overwriting, model pruning, and fine-tuning.
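SSLGuard's actual verification relies on a secret key and decoder, which are not detailed here; the snippet below only illustrates, under assumed names and a hypothetical cosine-similarity test, how robustness to one removal attack (magnitude pruning) could be checked: run the attack, then re-verify the watermark.

```python
import torch
import torch.nn.utils.prune as prune

def prune_attack(encoder, amount=0.3):
    """Simulated removal attack: magnitude-prune a fraction of each
    conv/linear weight tensor."""
    for module in encoder.modules():
        if isinstance(module, (torch.nn.Conv2d, torch.nn.Linear)):
            prune.l1_unstructured(module, name="weight", amount=amount)
    return encoder

def verify_watermark(encoder, trigger_inputs, target_emb, thresh=0.8):
    """Hypothetical verifier (SSLGuard's real test differs): the watermark
    holds if trigger inputs still map near the secret target embedding."""
    with torch.no_grad():
        z = encoder(trigger_inputs)
    sim = torch.nn.functional.cosine_similarity(z, target_emb.expand_as(z), dim=1)
    return bool((sim.mean() > thresh).item())
```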

Copy, Right? A Testing Framework for Copyright Protection of Deep Learning Models

DEEPJUDGE is a novel testing framework for deep learning copyright protection that quantitatively tests the similarities between two deep learning models, a victim model and a suspect model; it leverages a diverse set of testing metrics and efficient test-case generation algorithms to produce a chain of supporting evidence that helps determine whether the suspect model is a copy of the victim model.
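DEEPJUDGE combines many metrics; the following shows just one illustrative black-box-style similarity measure (the function name and form are my simplification, not the framework's API): the closer a suspect's outputs track the victim's on shared test cases, the stronger the evidence of copying.

```python
import torch

def output_distance(victim, suspect, test_cases):
    """One illustrative black-box similarity metric in the spirit of
    DEEPJUDGE: mean L2 distance between the two models' output
    distributions on the same test cases. A copied model tends to stay
    unusually close to its victim."""
    with torch.no_grad():
        pv = torch.softmax(victim(test_cases), dim=1)
        ps = torch.softmax(suspect(test_cases), dim=1)
    return (pv - ps).norm(dim=1).mean().item()

victim = torch.nn.Linear(16, 4)
suspect = torch.nn.Linear(16, 4)
print(output_distance(victim, suspect, torch.randn(64, 16)))
```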

BadEncoder: Backdoor Attacks to Pre-trained Encoders in Self-Supervised Learning

This work proposes BadEncoder, the first backdoor attack on self-supervised learning, which injects backdoors into a pre-trained image encoder such that downstream classifiers built on the backdoored image encoder for different downstream tasks simultaneously inherit the backdoor behavior.
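A simplified sketch of the BadEncoder objective (condensed from the paper's effectiveness and utility terms; names and the exact form here are approximations):

```python
import torch
import torch.nn.functional as F

def badencoder_style_loss(encoder, clean_encoder, shadow_x, trigger, reference_x):
    """Simplified BadEncoder-style objective:
    - effectiveness: trigger-stamped inputs should embed like attacker-chosen
      reference inputs of the target class, so any downstream classifier
      built on the encoder inherits the backdoor;
    - utility: clean inputs keep their original embeddings."""
    x_trig = torch.clamp(shadow_x + trigger, 0.0, 1.0)
    with torch.no_grad():
        ref = F.normalize(clean_encoder(reference_x), dim=1).mean(0, keepdim=True)
        clean = clean_encoder(shadow_x)
    z_trig = F.normalize(encoder(x_trig), dim=1)
    effectiveness = 1.0 - (z_trig @ ref.t()).mean()
    utility = F.mse_loss(encoder(shadow_x), clean)
    return effectiveness + utility
```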

Structural Watermarking to Deep Neural Networks via Network Channel Pruning

This paper introduces a structural watermarking scheme that utilizes channel pruning to embed the watermark into the host DNN architecture instead of crafting the DNN parameters.
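The paper's concrete encoding is not reproduced here; the sketch below conveys the general idea under assumed conventions: a secret bit string decides which output channels of a layer get pruned (zeroed), and verification reads the bits back from channel weight norms.

```python
import torch
import torch.nn as nn

def embed_bits(conv, bits):
    """Illustrative structural watermark: prune (zero out) output channel i
    of `conv` iff bits[i] == 1, so the surviving architecture itself
    carries the mark. (The paper's actual scheme is more involved.)"""
    with torch.no_grad():
        for i, b in enumerate(bits):
            if b:
                conv.weight[i].zero_()
                if conv.bias is not None:
                    conv.bias[i] = 0.0

def read_bits(conv):
    """Recover the bit string: a channel with near-zero weight norm reads as 1."""
    norms = conv.weight.detach().flatten(1).norm(dim=1)
    return [int(n < 1e-8) for n in norms]

conv = nn.Conv2d(3, 8, 3)
embed_bits(conv, [1, 0, 1, 1, 0, 0, 1, 0])
print(read_bits(conv))   # [1, 0, 1, 1, 0, 0, 1, 0]
```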