File(s) under permanent embargo
Protecting the intellectual property of deep neural networks with watermarking: The frequency domain approach
conference contribution
posted on 2020-12-01, 00:00 authored by M Li, Qi Zhong, Leo Zhang, Y Du, Jun Zhang, Yong Xiang
Similar to other digital assets, deep neural network (DNN) models could suffer from piracy threats initiated by insider and/or outsider adversaries due to their inherent commercial value. DNN watermarking is a promising technique to mitigate this threat to intellectual property. This work focuses on black-box DNN watermarking, with which an owner can only verify ownership by issuing special trigger queries to a remote suspicious model. However, informed attackers, who are aware of the watermark and somehow obtain the triggers, could forge fake triggers to claim ownership, because of the poor robustness of triggers and the lack of correlation between the model and the owner identity. This consideration calls for new watermarking methods that can achieve a better trade-off for addressing the discrepancy. In this paper, we exploit frequency domain image watermarking to generate triggers and build our DNN watermarking algorithm accordingly. Since watermarking in the frequency domain offers high concealment and is robust to signal processing operations, the proposed algorithm is superior to existing schemes in resisting fraudulent claim attacks. Besides, extensive experimental results on 3 datasets and 8 neural networks demonstrate that the proposed DNN watermarking algorithm achieves similar performance on functionality metrics and better performance on security metrics when compared with existing algorithms.
History
Event
TrustCom 2020. Trust, Security and Privacy in Computing and Communications. IEEE International Conference (19th : 2020 : Guangzhou, China)
Pagination
402 - 409
Publisher
IEEE Computer Society
Location
Guangzhou, China (part-virtually)
Place of publication
Los Alamitos, Calif.
Publisher DOI
Start date
2020-12-29
End date
2021-01-01
ISSN
2324-898X
eISSN
2324-9013
ISBN-13
9780738143804
Language
eng
Notes
DOI Not Found : Error https://doi.org/10.1109/TrustCom50675.2020.00062
Publication classification
E1 Full written paper - refereed
Copyright notice
2020, Institute of Electrical and Electronics Engineers
Editor/Contributor(s)
Guojun Wang, Ryan Ko, Md Alam Bhuiyan, Yi Pan
Title of proceedings
TrustCom 2020 : Proceedings of IEEE's 19th International Conference on Trust, Security and Privacy in Computing and Communications