Corpus ID: 239024711

Speech Pattern based Black-box Model Watermarking for Automatic Speech Recognition

Haozhe Chen, Weiming Zhang, Kunlin Liu, Kejiang Chen, Han Fang, Nenghai Yu
As an effective method for intellectual property (IP) protection, model watermarking technology has been applied on a wide variety of deep neural networks (DNN), including speech classification models. However, how to design a black-box watermarking scheme for automatic speech recognition (ASR) models is still an unsolved problem, which is a significant demand for protecting remote ASR Application Programming Interface (API) deployed in cloud servers. Due to conditional independence assumption… 

Protecting Intellectual Property of Deep Neural Networks with Watermarking
This paper generalizes the "digital watermarking" concept from multimedia ownership verification to deep neural network (DNN) models: by extending the intrinsic generalization and memorization capabilities of deep neural networks, it enables the models to learn specially crafted watermarks at training and activate with pre-specified predictions when observing the watermark patterns at inference.
How to prove your model belongs to you: a blind-watermark based framework to protect intellectual property of DNN
A novel intellectual property protection (IPP) framework based on blind-watermark for watermarking deep neural networks that meet the requirements of security and feasibility and can achieve state-of-the-art performance on undetectability against evasion attacks and unforgeability against fraudulent claims of ownership.
Embedding Watermarks into Deep Neural Networks
This work proposes to use digital watermarking technology to protect intellectual property and detect intellectual property infringement in the use of trained models, and proposes a general framework for embedding a watermark in model parameters, using a parameter regularizer.
Turning Your Weakness Into a Strength: Watermarking Deep Neural Networks by Backdooring
This work presents an approach for watermarking Deep Neural Networks in a black-box way, and shows experimentally that such a watermark has no noticeable impact on the primary task that the model is designed for.
Adversarial frontier stitching for remote neural network watermarking
This paper formally introduces the problem and proposes a novel zero-bit watermarking algorithm that makes use of adversarial model examples, and allows subsequent extraction of the watermark using only a few queries.
VAE-Stega: Linguistic Steganography Based on Variational Auto-Encoder
Experimental results show that the proposed model can greatly improve the imperceptibility of the generated steganographic sentences and thus achieves state-of-the-art performance.
Deep Speech: Scaling up end-to-end speech recognition
Deep Speech, a state-of-the-art speech recognition system developed using end-to-end deep learning, outperforms previously published results on the widely studied Switchboard Hub5'00, achieving 16.0% error on the full test set.
End-to-end attention-based large vocabulary speech recognition
This work investigates an alternative method for sequence modelling based on an attention mechanism that allows a Recurrent Neural Network (RNN) to learn alignments between sequences of input frames and output labels.
Deep Residual Learning for Image Recognition
This work presents a residual learning framework to ease the training of networks that are substantially deeper than those used previously, and provides comprehensive empirical evidence showing that these residual networks are easier to optimize, and can gain accuracy from considerably increased depth.
ImageNet classification with deep convolutional neural networks
A large, deep convolutional neural network was trained to classify the 1.2 million high-resolution images in the ImageNet LSVRC-2010 contest into the 1000 different classes and employed a recently developed regularization method called "dropout" that proved to be very effective.