Robust and Imperceptible Black-box DNN Watermarking Based on Fourier Perturbation Analysis and Frequency Sensitivity Clustering

08/08/2022
by   Yong Liu, et al.
0

Recently, more and more attention has been focused on the intellectual property protection of deep neural networks (DNNs), promoting DNN watermarking to become a hot research topic. Compared with embedding watermarks directly into DNN parameters, inserting trigger-set watermarks enables us to verify the ownership without knowing the internal details of the DNN, which is more suitable for application scenarios. The cost is we have to carefully craft the trigger samples. Mainstream methods construct the trigger samples by inserting a noticeable pattern to the clean samples in the spatial domain, which does not consider sample imperceptibility, sample robustness and model robustness, and therefore has limited the watermarking performance and the model generalization. It has motivated the authors in this paper to propose a novel DNN watermarking method based on Fourier perturbation analysis and frequency sensitivity clustering. First, we analyze the perturbation impact of different frequency components of the input sample on the task functionality of the DNN by applying random perturbation. Then, by K-means clustering, we determine the frequency components that result in superior watermarking performance for crafting the trigger samples. Our experiments show that the proposed work not only maintains the performance of the DNN on its original task, but also provides better watermarking performance compared with related works.

READ FULL TEXT

page 1

page 3

page 4

page 7

research
09/09/2022

Robust and Lossless Fingerprinting of Deep Neural Networks via Pooled Membership Inference

Deep neural networks (DNNs) have already achieved great success in a lot...
research
07/30/2020

Black-box Adversarial Sample Generation Based on Differential Evolution

Deep Neural Networks (DNNs) are being used in various daily tasks such a...
research
03/23/2023

Don't FREAK Out: A Frequency-Inspired Approach to Detecting Backdoor Poisoned Samples in DNNs

In this paper we investigate the frequency sensitivity of Deep Neural Ne...
research
12/06/2022

Mixer: DNN Watermarking using Image Mixup

It is crucial to protect the intellectual property rights of DNN models ...
research
01/22/2019

Sensitivity Analysis of Deep Neural Networks

Deep neural networks (DNNs) have achieved superior performance in variou...
research
05/09/2022

Verifying Integrity of Deep Ensemble Models by Lossless Black-box Watermarking with Sensitive Samples

With the widespread use of deep neural networks (DNNs) in many areas, mo...
research
09/18/2020

X-DC: Explainable Deep Clustering based on Learnable Spectrogram Templates

Deep neural networks (DNNs) have achieved substantial predictive perform...

Please sign up or login with your details

Forgot password? Click here to reset