File(s) under permanent embargo

Protecting the intellectual property of deep neural networks with watermarking: The frequency domain approach

conference contribution
posted on 2020-12-01, 00:00 authored by M Li, Qi ZhongQi Zhong, Leo ZhangLeo Zhang, Y Du, Jun ZhangJun Zhang, Yong XiangYong Xiang
Similar to other digital assets, deep neural network (DNN) models could suffer from piracy threat initiated by insider and/or outsider adversaries due to their inherent commercial value. DNN watermarking is a promising technique to mitigate this threat to intellectual property. This work focuses on black-box DNN watermarking, with which an owner can only verify his ownership by issuing special trigger queries to a remote suspicious model. However, informed attackers, who are aware of the watermark and somehow obtain the triggers, could forge fake triggers to claim their ownerships since the poor robustness of triggers and the lack of correlation between the model and the owner identity. This consideration calls for new watermarking methods that can achieve better trade-off for addressing the discrepancy. In this paper, we exploit frequency domain image watermarking to generate triggers and build ourDNN watermarking algorithm accordingly. Since watermarking in the frequency domain is high concealment and robust to signal processing operation, the proposed algorithm is superior to existing schemes in resisting fraudulent claim attack. Besides, ex-tensive experimental results on3datasets and8neural networks demonstrate that the proposed DNN watermarking algorithm achieves similar performance on functionality metrics and better performance on security metrics when compared with existing algorithms

History

Event

TrustCom 2020. Trust, Security and Privacy in Computing and Communications. IEEE International Conference (19th : 2020 : Guangzhou, China)

Pagination

402 - 409

Publisher

IEEE Computer Society

Location

Guangzhou, China (part-virtually)

Place of publication

Los Alamitos, Calif.

Start date

2020-12-29

End date

2021-01-01

ISSN

2324-898X

eISSN

2324-9013

ISBN-13

9780738143804

Language

eng

Notes

DOI Not Found : Error https://doi.org/10.1109/TrustCom50675.2020.00062

Publication classification

E1 Full written paper - refereed

Copyright notice

2020, Institute of Electrical and Electronics Engineers

Editor/Contributor(s)

Guojun Wang, Ryan Ko, Md Alam Bhuiyan, Yi Pan

Title of proceedings

TrustCom 2020 : Proceedings of IEEE's 19th International Conference on Trust, Security and Privacy in Computing and Communications