Regulating Ownership Verification for Deep Neural Networks: Scenarios, Protocols, and Prospects
This work addresses the need for robust ownership verification protocols in deep learning, which is crucial for developers and organizations deploying models in real-world applications, though it appears incremental as it builds on existing watermarking methods.
The paper tackles the problem of protecting deep neural networks as intellectual property by addressing the lack of provable verification protocols in existing watermarking schemes, proposing three protocols for ownership proof, federated learning, and intellectual property transfer.
With the broad application of deep neural networks, the need to protect them as intellectual property has become evident. Numerous watermarking schemes have been proposed to identify the owner of a deep neural network and verify ownership. However, most of them focus on watermark embedding rather than on the protocol for provable verification. To bridge the gap between those proposals and real-world demands, we study deep learning model intellectual property protection in three scenarios: ownership proof, federated learning, and intellectual property transfer. We present a protocol for each scenario. These protocols raise several new requirements for the underlying watermarking schemes.