CR, AI, CV | Feb 8, 2021

Protecting Intellectual Property of Generative Adversarial Networks from Ambiguity Attack

arXiv:2102.04362v2 | 86 citations
AI Analysis

This work provides a crucial intellectual property protection mechanism for GANs, which are widely used in MLaaS, addressing a significant vulnerability for model owners.

This paper addresses the lack of intellectual property protection for Generative Adversarial Networks (GANs) in Machine Learning as a Service (MLaaS) by proposing a comprehensive framework for both black-box and white-box settings. The method successfully protects GANs from removal and ambiguity attacks on embedded watermarks without compromising their original performance in tasks like image generation, super-resolution, and style transfer.

Ever since Machine Learning as a Service (MLaaS) emerged as a viable business that utilizes deep learning models to generate lucrative revenue, Intellectual Property Right (IPR) has become a major concern because these deep learning models can easily be replicated, shared, and re-distributed by any unauthorized third parties. To the best of our knowledge, one of the prominent deep learning models, Generative Adversarial Networks (GANs), which have been widely used to create photorealistic images, are totally unprotected despite the existence of pioneering IPR protection methodology for Convolutional Neural Networks (CNNs). This paper therefore presents a complete protection framework in both black-box and white-box settings to enforce IPR protection on GANs. Empirically, we show that the proposed method does not compromise the original GANs' performance (i.e. image generation, image super-resolution, style transfer), and at the same time, it is able to withstand both removal and ambiguity attacks against embedded watermarks.

Code Implementations: 1 repo