Cargando…
White Box Watermarking for Convolution Layers in Fine-Tuning Model Using the Constant Weight Code
Deep neural network (DNN) watermarking is a potential approach for protecting the intellectual property rights of DNN models. Similar to classical watermarking techniques for multimedia content, the requirements for DNN watermarking include capacity, robustness, transparency, and other factors. Stud...
| Autores principales: | , , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
MDPI
2023
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10299526/ https://www.ncbi.nlm.nih.gov/pubmed/37367465 http://dx.doi.org/10.3390/jimaging9060117 |
| _version_ | 1785064386121957376 |
|---|---|
| author | Kuribayashi, Minoru Yasui, Tatsuya Malik, Asad |
| author_facet | Kuribayashi, Minoru Yasui, Tatsuya Malik, Asad |
| author_sort | Kuribayashi, Minoru |
| collection | PubMed |
| description | Deep neural network (DNN) watermarking is a potential approach for protecting the intellectual property rights of DNN models. Similar to classical watermarking techniques for multimedia content, the requirements for DNN watermarking include capacity, robustness, transparency, and other factors. Studies have focused on robustness against retraining and fine-tuning. However, less important neurons in the DNN model may be pruned. Moreover, although the encoding approach renders DNN watermarking robust against pruning attacks, the watermark is assumed to be embedded only into the fully connected layer in the fine-tuning model. In this study, we extended the method such that the model can be applied to any convolution layer of the DNN model and designed a watermark detector based on a statistical analysis of the extracted weight parameters to evaluate whether the model is watermarked. Using a nonfungible token mitigates the overwriting of the watermark and enables checking when the DNN model with the watermark was created. |
| format | Online Article Text |
| id | pubmed-10299526 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2023 |
| publisher | MDPI |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-102995262023-06-28 White Box Watermarking for Convolution Layers in Fine-Tuning Model Using the Constant Weight Code Kuribayashi, Minoru Yasui, Tatsuya Malik, Asad J Imaging Article Deep neural network (DNN) watermarking is a potential approach for protecting the intellectual property rights of DNN models. Similar to classical watermarking techniques for multimedia content, the requirements for DNN watermarking include capacity, robustness, transparency, and other factors. Studies have focused on robustness against retraining and fine-tuning. However, less important neurons in the DNN model may be pruned. Moreover, although the encoding approach renders DNN watermarking robust against pruning attacks, the watermark is assumed to be embedded only into the fully connected layer in the fine-tuning model. In this study, we extended the method such that the model can be applied to any convolution layer of the DNN model and designed a watermark detector based on a statistical analysis of the extracted weight parameters to evaluate whether the model is watermarked. Using a nonfungible token mitigates the overwriting of the watermark and enables checking when the DNN model with the watermark was created. MDPI 2023-06-09 /pmc/articles/PMC10299526/ /pubmed/37367465 http://dx.doi.org/10.3390/jimaging9060117 Text en © 2023 by the authors. https://creativecommons.org/licenses/by/4.0/Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/). |
| spellingShingle | Article Kuribayashi, Minoru Yasui, Tatsuya Malik, Asad White Box Watermarking for Convolution Layers in Fine-Tuning Model Using the Constant Weight Code |
| title | White Box Watermarking for Convolution Layers in Fine-Tuning Model Using the Constant Weight Code |
| title_full | White Box Watermarking for Convolution Layers in Fine-Tuning Model Using the Constant Weight Code |
| title_fullStr | White Box Watermarking for Convolution Layers in Fine-Tuning Model Using the Constant Weight Code |
| title_full_unstemmed | White Box Watermarking for Convolution Layers in Fine-Tuning Model Using the Constant Weight Code |
| title_short | White Box Watermarking for Convolution Layers in Fine-Tuning Model Using the Constant Weight Code |
| title_sort | white box watermarking for convolution layers in fine-tuning model using the constant weight code |
| topic | Article |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10299526/ https://www.ncbi.nlm.nih.gov/pubmed/37367465 http://dx.doi.org/10.3390/jimaging9060117 |
| work_keys_str_mv | AT kuribayashiminoru whiteboxwatermarkingforconvolutionlayersinfinetuningmodelusingtheconstantweightcode AT yasuitatsuya whiteboxwatermarkingforconvolutionlayersinfinetuningmodelusingtheconstantweightcode AT malikasad whiteboxwatermarkingforconvolutionlayersinfinetuningmodelusingtheconstantweightcode |