This thesis investigates copyright protection for deep learning models using watermarking in a black-box setting. It explores three key objectives of the deep neural network (DNN) watermarking research community: preserving decision boundaries, improving watermark robustness, and removing watermarks. Various techniques, such as backdooring methods, frequency-domain watermarking, continual learning and attention alignment, were employed to achieve representative results.
Pagination
163 p.
Language
English
Degree type
Doctorate
Degree name
Ph.D.
Copyright notice
All rights reserved
Editor/Contributor(s)
Leo Yu Zhang
Faculty
Faculty of Science, Engineering and Built Environment