Cargando…
Protecting IP of Deep Neural Networks with Watermarking: A New Label Helps
Deep neural network (DNN) models have shown great success in almost every artificial area. It is a non-trivial task to build a good DNN model. Nowadays, various MLaaS providers have launched their cloud services, which trains DNN models for users. Once they are released, driven by potential monetary...
| Autores principales: | , , , , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
2020
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7206275/ http://dx.doi.org/10.1007/978-3-030-47436-2_35 |
| _version_ | 1783530383657140224 |
|---|---|
| author | Zhong, Qi Zhang, Leo Yu Zhang, Jun Gao, Longxiang Xiang, Yong |
| author_facet | Zhong, Qi Zhang, Leo Yu Zhang, Jun Gao, Longxiang Xiang, Yong |
| author_sort | Zhong, Qi |
| collection | PubMed |
| description | Deep neural network (DNN) models have shown great success in almost every artificial area. It is a non-trivial task to build a good DNN model. Nowadays, various MLaaS providers have launched their cloud services, which trains DNN models for users. Once they are released, driven by potential monetary profit, the models may be duplicated, resold, or redistributed by adversaries, including greedy service providers themselves. To mitigate this threat, in this paper, we propose an innovative framework to protect the intellectual property of deep learning models, that is, watermarking the model by adding a new label to crafted key samples during training. The intuition comes from the fact that, compared with existing DNN watermarking methods, adding a new label will not twist the original decision boundary but can help the model learn the features of key samples better. We implement a prototype of our framework and evaluate the performance under three different benchmark datasets, and investigate the relationship between model accuracy, perturbation strength, and key samples’ length. Extensive experimental results show that, compared with the existing schemes, the proposed method performs better under small perturbation strength or short key samples’ length in terms of classification accuracy and ownership verification efficiency. |
| format | Online Article Text |
| id | pubmed-7206275 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2020 |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-72062752020-05-08 Protecting IP of Deep Neural Networks with Watermarking: A New Label Helps Zhong, Qi Zhang, Leo Yu Zhang, Jun Gao, Longxiang Xiang, Yong Advances in Knowledge Discovery and Data Mining Article Deep neural network (DNN) models have shown great success in almost every artificial area. It is a non-trivial task to build a good DNN model. Nowadays, various MLaaS providers have launched their cloud services, which trains DNN models for users. Once they are released, driven by potential monetary profit, the models may be duplicated, resold, or redistributed by adversaries, including greedy service providers themselves. To mitigate this threat, in this paper, we propose an innovative framework to protect the intellectual property of deep learning models, that is, watermarking the model by adding a new label to crafted key samples during training. The intuition comes from the fact that, compared with existing DNN watermarking methods, adding a new label will not twist the original decision boundary but can help the model learn the features of key samples better. We implement a prototype of our framework and evaluate the performance under three different benchmark datasets, and investigate the relationship between model accuracy, perturbation strength, and key samples’ length. Extensive experimental results show that, compared with the existing schemes, the proposed method performs better under small perturbation strength or short key samples’ length in terms of classification accuracy and ownership verification efficiency. 2020-04-17 /pmc/articles/PMC7206275/ http://dx.doi.org/10.1007/978-3-030-47436-2_35 Text en © Springer Nature Switzerland AG 2020 This article is made available via the PMC Open Access Subset for unrestricted research re-use and secondary analysis in any form or by any means with acknowledgement of the original source. These permissions are granted for the duration of the World Health Organization (WHO) declaration of COVID-19 as a global pandemic. |
| spellingShingle | Article Zhong, Qi Zhang, Leo Yu Zhang, Jun Gao, Longxiang Xiang, Yong Protecting IP of Deep Neural Networks with Watermarking: A New Label Helps |
| title | Protecting IP of Deep Neural Networks with Watermarking: A New Label Helps |
| title_full | Protecting IP of Deep Neural Networks with Watermarking: A New Label Helps |
| title_fullStr | Protecting IP of Deep Neural Networks with Watermarking: A New Label Helps |
| title_full_unstemmed | Protecting IP of Deep Neural Networks with Watermarking: A New Label Helps |
| title_short | Protecting IP of Deep Neural Networks with Watermarking: A New Label Helps |
| title_sort | protecting ip of deep neural networks with watermarking: a new label helps |
| topic | Article |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7206275/ http://dx.doi.org/10.1007/978-3-030-47436-2_35 |
| work_keys_str_mv | AT zhongqi protectingipofdeepneuralnetworkswithwatermarkinganewlabelhelps AT zhangleoyu protectingipofdeepneuralnetworkswithwatermarkinganewlabelhelps AT zhangjun protectingipofdeepneuralnetworkswithwatermarkinganewlabelhelps AT gaolongxiang protectingipofdeepneuralnetworkswithwatermarkinganewlabelhelps AT xiangyong protectingipofdeepneuralnetworkswithwatermarkinganewlabelhelps |