Piracy-Resistant DNN Watermarking by Block-Wise Image Transformation with Secret Key
This work addresses model ownership verification for DNN developers, offering a piracy-resistant solution in which the original watermark cannot be overwritten and model accuracy is maintained; it is incremental in that it builds on existing DNN watermarking techniques.
The paper tackles the problem of protecting deep neural network (DNN) models from piracy by proposing a watermarking method that embeds a watermark using learnable image transformations with a secret key, achieving high watermark-detection accuracy and resilience against attacks like fine-tuning and pruning on the CIFAR-10 dataset.
In this paper, we propose a novel DNN watermarking method that utilizes a learnable image transformation method with a secret key. The proposed method embeds a watermark pattern in a model by using learnable transformed images and allows us to remotely verify the ownership of the model. As a result, it is piracy-resistant: the original watermark cannot be overwritten by a pirated watermark, and, unlike most existing DNN watermarking methods, adding a new watermark decreases the model accuracy. In addition, it does not require a special pre-defined training set or trigger set. We empirically evaluated the proposed method on the CIFAR-10 dataset. The results show that it was resilient against fine-tuning and pruning attacks while maintaining a high watermark-detection accuracy.
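As an added illustration, not code from the paper, the snippet below implements the kind of secret-key block-wise image transformation the title refers to, so that the same key reproduces the same transformed inputs for remote ownership verification while a different key yields unrelated inputs. The concrete transform (block-wise pixel shuffling), the SHA-256 key derivation and all function names are assumptions; the paper's transformation is learnable and is not specified in the abstract.

```python
import hashlib
import random


def block_permutation(key: bytes, block: int) -> list:
    """Derive one fixed permutation of the block's pixel positions from the secret key.

    The same permutation is applied to every block, so the key alone (not a
    trigger set) determines how verification images are produced.
    """
    seed = int.from_bytes(hashlib.sha256(key).digest(), "big")
    perm = list(range(block * block))
    random.Random(seed).shuffle(perm)
    return perm


def transform(img, key: bytes, block: int, inverse: bool = False):
    """Apply (or undo) the keyed block-wise pixel shuffle to a 2-D grayscale image.

    img is a list of rows; height and width must be multiples of block.
    Forward:  out[i] = in[perm[i]] within each block.
    Inverse:  out[perm[i]] = in[i], which restores the original.
    """
    h, w = len(img), len(img[0])
    assert h % block == 0 and w % block == 0, "image must tile into whole blocks"
    perm = block_permutation(key, block)
    out = [row[:] for row in img]
    for by in range(0, h, block):
        for bx in range(0, w, block):
            # Flatten the block row-major, permute, and write it back in place.
            flat = [img[by + i // block][bx + i % block] for i in range(block * block)]
            for i, p in enumerate(perm):
                src, dst = (i, p) if inverse else (p, i)
                out[by + dst // block][bx + dst % block] = flat[src]
    return out


def pixel_agreement(a, b) -> float:
    """Fraction of pixel positions where two images agree (1.0 = identical)."""
    total = sum(len(row) for row in a)
    same = sum(x == y for ra, rb in zip(a, b) for x, y in zip(ra, rb))
    return same / total


# Constructed 8x8 sample image: pixel value = row * 8 + column.
SAMPLE = [[r * 8 + c for c in range(8)] for r in range(8)]

if __name__ == "__main__":
    owner = transform(SAMPLE, b"owner-secret", 4)
    pirate = transform(SAMPLE, b"pirate-guess", 4)
    print("agreement between keys:", pixel_agreement(owner, pirate))
    print("round trip ok:", transform(owner, b"owner-secret", 4, inverse=True) == SAMPLE)
```

Only the holder of the original key can regenerate the exact verification inputs; a model that responds with the watermark pattern to those inputs, and not to inputs made under another key, supports the ownership claim.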