Cargando…
Adam and the Ants: On the Influence of the Optimization Algorithm on the Detectability of DNN Watermarks
As training Deep Neural Networks (DNNs) becomes more expensive, the interest in protecting the ownership of the models with watermarking techniques increases. Uchida et al. proposed a digital watermarking algorithm that embeds the secret message into the model coefficients. However, despite its appe...
| Autores principales: | , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
MDPI
2020
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7762180/ https://www.ncbi.nlm.nih.gov/pubmed/33279925 http://dx.doi.org/10.3390/e22121379 |
| _version_ | 1783627743712247808 |
|---|---|
| author | Cortiñas-Lorenzo, Betty Pérez-González, Fernando |
| author_facet | Cortiñas-Lorenzo, Betty Pérez-González, Fernando |
| author_sort | Cortiñas-Lorenzo, Betty |
| collection | PubMed |
| description | As training Deep Neural Networks (DNNs) becomes more expensive, the interest in protecting the ownership of the models with watermarking techniques increases. Uchida et al. proposed a digital watermarking algorithm that embeds the secret message into the model coefficients. However, despite its appeal, in this paper, we show that its efficacy can be compromised by the optimization algorithm being used. In particular, we found through a theoretical analysis that, as opposed to Stochastic Gradient Descent (SGD), the update direction given by Adam optimization strongly depends on the sign of a combination of columns of the projection matrix used for watermarking. Consequently, as observed in the empirical results, this makes the coefficients move in unison giving rise to heavily spiked weight distributions that can be easily detected by adversaries. As a way to solve this problem, we propose a new method called Block-Orthonormal Projections (BOP) that allows one to combine watermarking with Adam optimization with a minor impact on the detectability of the watermark and an increased robustness. |
| format | Online Article Text |
| id | pubmed-7762180 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2020 |
| publisher | MDPI |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-77621802021-02-24 Adam and the Ants: On the Influence of the Optimization Algorithm on the Detectability of DNN Watermarks Cortiñas-Lorenzo, Betty Pérez-González, Fernando Entropy (Basel) Article As training Deep Neural Networks (DNNs) becomes more expensive, the interest in protecting the ownership of the models with watermarking techniques increases. Uchida et al. proposed a digital watermarking algorithm that embeds the secret message into the model coefficients. However, despite its appeal, in this paper, we show that its efficacy can be compromised by the optimization algorithm being used. In particular, we found through a theoretical analysis that, as opposed to Stochastic Gradient Descent (SGD), the update direction given by Adam optimization strongly depends on the sign of a combination of columns of the projection matrix used for watermarking. Consequently, as observed in the empirical results, this makes the coefficients move in unison giving rise to heavily spiked weight distributions that can be easily detected by adversaries. As a way to solve this problem, we propose a new method called Block-Orthonormal Projections (BOP) that allows one to combine watermarking with Adam optimization with a minor impact on the detectability of the watermark and an increased robustness. MDPI 2020-12-06 /pmc/articles/PMC7762180/ /pubmed/33279925 http://dx.doi.org/10.3390/e22121379 Text en © 2020 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/). |
| spellingShingle | Article Cortiñas-Lorenzo, Betty Pérez-González, Fernando Adam and the Ants: On the Influence of the Optimization Algorithm on the Detectability of DNN Watermarks |
| title | Adam and the Ants: On the Influence of the Optimization Algorithm on the Detectability of DNN Watermarks |
| title_full | Adam and the Ants: On the Influence of the Optimization Algorithm on the Detectability of DNN Watermarks |
| title_fullStr | Adam and the Ants: On the Influence of the Optimization Algorithm on the Detectability of DNN Watermarks |
| title_full_unstemmed | Adam and the Ants: On the Influence of the Optimization Algorithm on the Detectability of DNN Watermarks |
| title_short | Adam and the Ants: On the Influence of the Optimization Algorithm on the Detectability of DNN Watermarks |
| title_sort | adam and the ants: on the influence of the optimization algorithm on the detectability of dnn watermarks |
| topic | Article |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7762180/ https://www.ncbi.nlm.nih.gov/pubmed/33279925 http://dx.doi.org/10.3390/e22121379 |
| work_keys_str_mv | AT cortinaslorenzobetty adamandtheantsontheinfluenceoftheoptimizationalgorithmonthedetectabilityofdnnwatermarks AT perezgonzalezfernando adamandtheantsontheinfluenceoftheoptimizationalgorithmonthedetectabilityofdnnwatermarks |