Robust Watermarking of Neural Network with Exponential Weighting

01/18/2019
by Ryota Namba, et al.

Deep learning has been achieving top performance in many tasks. Because training a deep learning model is very costly, neural network models need to be treated as valuable intellectual property. One concern in this situation is that a malicious user might redistribute the model, or provide a prediction service using it, without permission. One promising solution is digital watermarking: embedding a mechanism into the model so that its owner can verify ownership externally. In this study, we present a novel attack method against watermarks, query modification, and demonstrate that all existing watermarking methods are vulnerable to either query modification or the existing attack method (model modification). To overcome this vulnerability, we present a novel watermarking method, exponential weighting. We experimentally show that our watermarking method achieves high watermark verification performance even under malicious attempts by unauthorized service providers, such as model modification and query modification, without sacrificing the predictive performance of the neural network model.
