Ownership Protection of Generative Adversarial Networks
This addresses the need for robust ownership protection for commercially valuable GAN models, offering a solution that is directly applicable to existing models and resilient to various attacks.
The paper tackles the problem of protecting the intellectual property of Generative Adversarial Networks (GANs) from model extraction attacks, proposing a method that achieves the best protection performance compared to state-of-the-art methods without requiring retraining of target models.
Generative adversarial networks (GANs) have shown remarkable success in image synthesis, making GAN models themselves commercially valuable to legitimate model owners. Therefore, it is critical to technically protect the intellectual property of GANs. Prior works need to tamper with the training set or training process, and they are not robust to emerging model extraction attacks. In this paper, we propose a new ownership protection method based on the common characteristics of a target model and its stolen models. Our method can be directly applicable to all well-trained GANs as it does not require retraining target models. Extensive experimental results show that our new method can achieve the best protection performance, compared to the state-of-the-art methods. Finally, we demonstrate the effectiveness of our method with respect to the number of generations of model extraction attacks, the number of generated samples, different datasets, as well as adaptive attacks.