Poster: On the Feasibility of Training Neural Networks with Visibly Watermarked Dataset
This addresses data ownership claims for machine learning practitioners, but it is incremental as it builds on existing watermarking and adversarial network methods.
The authors tackled the problem of using visibly watermarked images for training neural networks by proposing DeepStamp, a framework that synthesizes watermarked images that are human-perceptible, robust to removal, and usable for classification with minimal accuracy loss, achieving results on CIFAR10.
As there are increasing needs of sharing data for machine learning, there is growing attention for the owners of the data to claim the ownership. Visible watermarking has been an effective way to claim the ownership of visual data, yet the visibly watermarked images are not regarded as a primary source for learning visual recognition models due to the lost visual information by in the watermark and the possibility of an attack to remove the watermarks. To make the watermarked images better suited for machine learning with less risk of removal, we propose DeepStamp, a watermarking framework that, given a watermarking image and a trained network for image classification, learns to synthesize a watermarked image that are human-perceptible, robust to removals, and able to be used as training images for classification with minimal accuracy loss. To achieve the goal, we employ the generative multi-adversarial network (GMAN). In experiments with CIFAR10, we show that the DeepStamp learn to transform a watermark to be embedded in each image and the watermarked images can be used to train networks.