ROSE: A RObust and SEcure DNN Watermarking

  • Kassem Kallas, Teddy Furon
  • Published 22 June 2022
  • Computer Science
  • 2022 IEEE International Workshop on Information Forensics and Security (WIFS)
Protecting the Intellectual Property rights of DNN models is of primary importance prior to their deployment. So far, the proposed methods either necessitate changes to internal model parameters or the machine learning pipeline, or they fail to meet both the security and robustness requirements. This paper proposes a lightweight, robust, and secure black-box DNN watermarking protocol that takes advantage of cryptographic one-way functions as well as the injection of in-task key image-label… 
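The two ingredients the abstract names, a cryptographic one-way function and a set of key image-label pairs checked through black-box queries, can be illustrated with the following added example. It is not the ROSE protocol (the page does not give its details) and not the authors' code; it assumes a constructed toy classifier over synthetic 64-byte "images" with 10 classes, a SHA-256 commitment to the owner's secret published before deployment, and a binomial tail test to set the acceptance threshold. The names `derive_key_pairs`, `verify_ownership`, `chance_match_threshold`, `WatermarkedClassifier` and `PrunedCopy` are assumptions of this example.

```python
import hashlib
import math
from typing import Dict, List, Tuple

# Constructed toy setting (assumption, not the paper's data): an "image" is 64 raw
# grayscale bytes and the task has 10 classes. ROSE uses in-task natural images
# as keys; synthetic patterns are used here only so the example runs offline.
IMG_BYTES = 64
N_CLASSES = 10


def H(data: bytes) -> bytes:
    """One-way function: commits to the secret and derives the key pairs from it."""
    return hashlib.sha256(data).digest()


def derive_key_pairs(secret: bytes, n: int, n_classes: int = N_CLASSES) -> List[Tuple[bytes, int]]:
    """Expand the owner's secret into n (key image, key label) pairs.

    Only the holder of the secret can produce the pairs ahead of time; once the
    secret is revealed, any verifier regenerates exactly the same pairs.
    """
    pairs = []
    for i in range(n):
        idx = i.to_bytes(4, "big")
        stream = b"".join(H(secret + b"|img|" + idx + j.to_bytes(4, "big"))
                          for j in range(math.ceil(IMG_BYTES / 32)))
        img = stream[:IMG_BYTES]
        label = H(secret + b"|label|" + idx)[0] % n_classes
        pairs.append((img, label))
    return pairs


class ToyClassifier:
    """Stand-in for a trained DNN (constructed): any fixed image -> class map."""

    def __init__(self, n_classes: int = N_CLASSES):
        self.n_classes = n_classes

    def predict(self, img: bytes) -> int:
        return sum(img) % self.n_classes


class WatermarkedClassifier(ToyClassifier):
    """Owner's model after the key pairs were trained in (here: memorised exactly)."""

    def __init__(self, key_pairs, n_classes: int = N_CLASSES):
        super().__init__(n_classes)
        self.triggers: Dict[bytes, int] = dict(key_pairs)

    def predict(self, img: bytes) -> int:
        return self.triggers.get(img, super().predict(img))


class PrunedCopy(WatermarkedClassifier):
    """Stolen copy whose fine-tuning erased part of the memorised pairs
    (constructed attack: every `drop_every`-th key is forgotten)."""

    def __init__(self, victim: WatermarkedClassifier, drop_every: int = 5):
        kept = [(img, lab) for i, (img, lab) in enumerate(victim.triggers.items())
                if i % drop_every]
        super().__init__(kept, victim.n_classes)


def chance_match_threshold(n: int, n_classes: int, alpha: float) -> int:
    """Smallest k such that an unrelated model, guessing each of the n key labels
    with probability 1/n_classes, matches >= k of them with probability <= alpha
    (binomial upper tail)."""
    p = 1.0 / n_classes
    tail = 1.0  # P(X >= 0)
    for k in range(n + 1):
        if tail <= alpha:
            return k
        tail -= math.comb(n, k) * p ** k * (1 - p) ** (n - k)
    return n + 1  # alpha not reachable with n keys: the caller needs more keys


def verify_ownership(model, secret: bytes, commitment: bytes, n: int,
                     n_classes: int = N_CLASSES, alpha: float = 1e-6) -> dict:
    """Black-box verification: check the revealed secret against the public
    commitment, regenerate the key pairs, query the suspect model, and accept
    only if the matches exceed what chance explains at level alpha."""
    if H(secret) != commitment:
        raise ValueError("revealed secret does not match the published commitment")
    pairs = derive_key_pairs(secret, n, n_classes)
    matches = sum(model.predict(img) == label for img, label in pairs)
    threshold = chance_match_threshold(n, n_classes, alpha)
    return {"matches": matches, "threshold": threshold, "owned": matches >= threshold}


if __name__ == "__main__":
    secret = b"owner-secret-constructed-for-this-example"
    commitment = H(secret)  # published (e.g. timestamped) before deployment
    owner_model = WatermarkedClassifier(derive_key_pairs(secret, 32))
    for name, m in [("owner", owner_model), ("pruned copy", PrunedCopy(owner_model)),
                    ("independent", ToyClassifier())]:
        print(name, verify_ownership(m, secret, commitment, 32))
```

The threshold step is the check a practitioner wants: with 32 keys and 10 classes an unrelated model has to match 14 keys before the claim is accepted at alpha = 1e-6, so a few accidental agreements do not prove theft, while a copy that forgot a fifth of its keys still clears the bar. Revealing the secret to the verifier discloses the keys to anyone watching, which is the problem the MPC-based verification protocol listed below addresses.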


Mixer: DNN Watermarking using Image Mixup

The extensive experiments on image classification models for different datasets as well as exposing them to a variety of attacks, show that the proposed watermarking provides protection with an adequate level of security and robustness.



DNN Watermarking: Four Challenges and a Funeral

DNN watermarking raises differences not only in how performance, robustness and unobtrusiveness are measured, but also in the embedding domain, since information can be hidden in the model's behaviour.

Turning Your Weakness Into a Strength: Watermarking Deep Neural Networks by Backdooring

This work presents an approach for watermarking Deep Neural Networks in a black-box way, and shows experimentally that such a watermark has no noticeable impact on the primary task that the model is designed for.

A Protocol for Secure Verification of Watermarks Embedded into Machine Learning Models

A novel secure verification protocol is described as well as its possible implementation using Multi-Party Computation that does not only preserve the confidentiality of the watermarks but also helps detecting evasion attacks.

Robust Watermarking of Neural Network with Exponential Weighting

This study presents a novel attack method against such watermarks known as query modification and demonstrates that all currently existing watermarking methods are vulnerable to either query modification or other existing attack methods (such as model modification).

Spread-Transform Dither Modulation Watermarking of Deep Neural Network

Watermarking Deep Neural Networks for Embedded Systems

This work proposes a watermarking system that embeds the creator's mark through the training procedure of the DNN, evaluates the overall performance of the system on popular image classification datasets, and shows that robust watermarks can be embedded into the models.

Adversarial frontier stitching for remote neural network watermarking

This paper formally introduces the problem and proposes a novel zero-bit watermarking algorithm that makes use of adversarial examples and allows subsequent extraction of the watermark using only a few queries.

Protecting Intellectual Property of Deep Neural Networks with Watermarking

By exploiting the intrinsic generalization and memorization capabilities of deep neural networks, the models are made to learn specially crafted watermarks during training and to produce pre-specified predictions when they observe the watermark patterns at inference; this paper thereby generalizes the "digital watermarking" concept from multimedia ownership verification to deep neural network (DNN) models.

Embedding Watermarks into Deep Neural Networks

This work proposes to use digital watermarking technology to protect intellectual property and detect intellectual property infringement in the use of trained models, and proposes a general framework for embedding a watermark in model parameters, using a parameter regularizer.

Learning Multiple Layers of Features from Tiny Images

It is shown how to train a multi-layer generative model that learns to extract meaningful features which resemble those found in the human visual cortex, using a novel parallelization algorithm to distribute the work among multiple machines connected on a network.