Robust Black-box Watermarking for Deep NeuralNetwork using Inverse Document Frequency

03/09/2021
by   Mohammad Mehdi Yadollahi, et al.
0

Deep learning techniques are one of the most significant elements of any Artificial Intelligence (AI) services. Recently, these Machine Learning (ML) methods, such as Deep Neural Networks (DNNs), presented exceptional achievement in implementing human-level capabilities for various predicaments, such as Natural Processing Language (NLP), voice recognition, and image processing, etc. Training these models are expensive in terms of computational power and the existence of enough labelled data. Thus, ML-based models such as DNNs establish genuine business value and intellectual property (IP) for their owners. Therefore the trained models need to be protected from any adversary attacks such as illegal redistribution, reproducing, and derivation. Watermarking can be considered as an effective technique for securing a DNN model. However, so far, most of the watermarking algorithm focuses on watermarking the DNN by adding noise to an image. To this end, we propose a framework for watermarking a DNN model designed for a textual domain. The watermark generation scheme provides a secure watermarking method by combining Term Frequency (TF) and Inverse Document Frequency (IDF) of a particular word. The proposed embedding procedure takes place in the model's training time, making the watermark verification stage straightforward by sending the watermarked document to the trained model. The experimental results show that watermarked models have the same accuracy as the original ones. The proposed framework accurately verifies the ownership of all surrogate models without impairing the performance. The proposed algorithm is robust against well-known attacks such as parameter pruning and brute force attack.

READ FULL TEXT
research
04/25/2023

Improving Robustness Against Adversarial Attacks with Deeply Quantized Neural Networks

Reducing the memory footprint of Machine Learning (ML) models, particula...
research
08/05/2021

Exploring Structure Consistency for Deep Model Watermarking

The intellectual property (IP) of Deep neural networks (DNNs) can be eas...
research
10/31/2019

Robust and Undetectable White-Box Watermarks for Deep Neural Networks

Training deep neural networks (DNN) is expensive in terms of computation...
research
06/06/2022

PCPT and ACPT: Copyright Protection and Traceability Scheme for DNN Model

Deep neural networks (DNNs) have achieved tremendous success in artifici...
research
03/05/2021

Don't Forget to Sign the Gradients!

Engineering a top-notch deep learning model is an expensive procedure th...
research
02/03/2021

TAD: Trigger Approximation based Black-box Trojan Detection for AI

An emerging amount of intelligent applications have been developed with ...
research
11/08/2018

Performance Comparison of Contemporary DNN Watermarking Techniques

DNNs shall be considered as the intellectual property (IP) of the model ...

Please sign up or login with your details

Forgot password? Click here to reset