Skip to main content
Disciplines
Automotive Business IT + Informatics Construction + Real Estate Electrical Engineering + Electronics Energy + Sustainability Insurance + Risk Finance + Banking Management + Leadership Marketing + Sales Mechanical Engineering + Materials
Events
DE
EN
Books
Journals
Topic Page
Marketing
Start single access now
Access for companies
EXTENDED SEARCH
Log in
Top
Published in:
Introduction Read chapter Read first chapter

2023 | OriginalPaper | Chapter

2. Ownership Verification Protocols for Deep Neural Network Watermarks

Authors : Fangqi Li, Shilin Wang

Published in: Digital Watermarking for Machine Learning Model

Publisher: Springer Nature Singapore

Log in

Activate our intelligent search to find suitable subject content or patents.

search-config
loading …

Abstract

To protect deep neural networks as intellectual properties, it is necessary to accurately identify their author or registered owner. Numerous techniques, spearheaded by the watermark, have been proposed to establish the connection between a deep neural network and its owner; however, it is until that such connection is provably unambiguous and unforgeable that it can be leveraged for copyright protection. The ownership proof is feasible only after multiple parties, including the owner, the adversary, and the third party to whom the owner wants to present a proof operate under deliberate protocols. The design of these ownership verification protocols requires more careful insight into the knowledge and privacy concerns of participants, during which process several extra security risks emerge. This chapter briefly reviews ordinary security requirements in deep neural network watermarking schemes, formulates several additional requirements regarding ownership proof under elementary protocols, and puts forward the necessity of analyzing and regulating the ownership verification procedure.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

inform now
previous chapter Introduction
next chapter Model Watermarking for Deep Neural Networks of Image Recovery
Literature
1.
Adi, Y., Baum, C., Cisse, M., Pinkas, B., Keshet, J.: Turning your weakness into a strength: Watermarking deep neural networks by backdooring. In: 27th {USENIX} Security Symposium ({USENIX} Security 18), pp. 1615–1631 (2018)
2.
Chen, J., Wang, J., Peng, T., Sun, Y., Cheng, P., Ji, S., Ma, X., Li, B., Song, D.: Copy, right? a testing framework for copyright protection of deep learning models. In: 2022 IEEE Security and Privacy, pp. 1–6
3.
Darvish Rouhani, B., Chen, H., Koushanfar, F.: DeepSigns: An end-to-end watermarking framework for ownership protection of deep neural networks. In: Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems, pp. 485–497 (2019)
4.
Fan, L., Ng, K.W., Chan, C.S., Yang, Q.: DeepIP: Deep neural network intellectual property protection with passports. IEEE Trans. Pattern Analy. Mach. Intell. 1, 1–1 (2021)
5.
Guo, S., Zhang, T., Qiu, H., Zeng, Y., Xiang, T., Liu, Y.: Fine-tuning is not enough: A simple yet effective watermark removal attack for DNN models. In: ICML (2020)
6.
Jia, H., Choquette-Choo, C.A., Chandrasekaran, V., Papernot, N.: Entangled watermarks as a defense against model extraction. In: 30th USENIX Security Symposium (USENIX Security 21), pp. 1937–1954. USENIX Association, Berkeley (2021)
7.
Li, Z., Hu, C., Zhang, Y., Guo, S.: How to prove your model belongs to you: a blind-watermark based framework to protect intellectual property of DNN. In: Proceedings of ACSAC, pp. 126–137 (2019)
8.
Li, T., Sahu, A.K., Talwalkar, A., Smith, V.: Federated learning: Challenges, methods, and future directions. IEEE Signal Process. Mag. 37(3), 50–60 (2020)CrossRef
9.
Li, F.Q., Wang, S.L., Liew, A.W.-C.: Regulating ownership verification for deep neural networks: Scenarios, protocols, and prospects. In: IJCAI Workshop (2021)
10.
Li, F., Yang, L., Wang, S., Liew, A. W.-C.: Leveraging multi-task learning for unambiguous and flexible deep neural network watermarking. In: AAAI SafeAI Workshop (2021)
11.
Li, F.-Q., Wang, S.-L., Zhu, Y.: Fostering the robustness of white-box deep neural network watermarks by neuron alignment. In: 2022 IEEE ICASSP, pp. 1–6 (2022)
12.
Li, F.Q., Wang, S., Liew, A.W.-C.: Watermarking protocol for deep neural network ownership regulation in federated learning. In: 2022 IEEE International Conference on Multimedia Expo Workshops (ICMEW), pp. 1–5 (2022)
13.
Liu, K., Dolan-Gavitt, B., Garg, S.: Fine-pruning: Defending against backdooring attacks on deep neural networks. In: International Symposium on Research in Attacks, Intrusions, and Defenses, pp. 273–294. Springer, Berlin (2018)
14.
Liu, Y., Lee, W.C., Tao, G., Ma, S., Aafer, Y., Zhang, X.: ABS: Scanning neural networks for back-doors by artificial brain stimulation. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 1265–1282 (2019)
15.
Namba, R., Sakuma, J.: Robust watermarking of neural network with exponential weighting. In: Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security, pp. 228–240 (2019)
16.
Uchida, Y., Nagai, Y., Sakazawa, S., Satoh, S.: Embedding watermarks into deep neural networks. In: Proceedings of the 2017 ACM on International Conference on Multimedia Retrieval, pp. 269–277 (2017)
17.
Wang, T., Kerschbaum, F.: RIGA: Covert and robust white-box watermarking of deep neural networks. In: Proceedings of the Web Conference 2021, pp. 993–1004 (2021)
18.
Wang, B., Yao, Y., Shan, S., Li, H., Viswanath, B., Zheng, H., Zhao, B.Y.: Neural cleanse: Identifying and mitigating backdoor attacks in neural networks. In: 2019 IEEE Symposium on Security and Privacy (SP), pp. 707–723. IEEE, Piscataway (2019)
19.
Xue, M., Zhang, Y., Wang, J., Liu, W.: Intellectual property protection for deep learning models: Taxonomy, methods, attacks, and evaluations. IEEE Trans. Artif. Intell. 3(6) 908–923 (2021)CrossRef
20.
Yang, Q., Liu, Y., Chen, T., Tong, Y.: Federated machine learning: concept and applications. ACM Trans. Intell. Syst. Technol. 10(2), 1–19 (2019)CrossRef
21.
Zhang, J., Gu, Z., Jang, J., Wu, H., Stoecklin, M.P., Huang, H., Molloy, I.: Protecting intellectual property of deep neural networks with watermarking. In: Proceedings of the 2018 on Asia Conference on Computer and Communications Security, pp. 159–172 (2018)
22.
Zhao, J., Hu, Q., Liu, G., Ma, X., Chen, F., Hassan, M.M.: AFA: adversarial fingerprinting authentication for deep neural networks. Comput. Commun. 150, 488–497 (2020)CrossRef
23.
Zhu, R., Zhang, X., Shi, M., Tang, Z.: Secure neural network watermarking protocol against forging attack. EURASIP J. Image Video Process. 2020(1), 1–12 (2020)CrossRef
Metadata
Title
Ownership Verification Protocols for Deep Neural Network Watermarks
Authors
Fangqi Li
Shilin Wang
Copyright Year
2023
Publisher
Springer Nature Singapore
Book
Digital Watermarking for Machine Learning Model

Print ISBN: 978-981-19-7553-0

Electronic ISBN: 978-981-19-7554-7

Copyright Year: 2023

DOI
https://doi.org/10.1007/978-981-19-7554-7_2

Premium Partner

    Image Credits