CR · AI · LG · Sep 16, 2024

FreeMark: A Non-Invasive White-Box Watermarking for Deep Neural Networks

arXiv:2409.09996v1 · 1 citations · h-index: 3
Originality: Incremental advance
AI Analysis

This addresses IP protection for DNN developers, offering a practical solution without performance loss, though it is incremental as it builds on existing watermarking concepts.

The paper tackles the problem of intellectual property protection for deep neural networks by introducing FreeMark, a non-invasive watermarking framework that avoids model modification, and it demonstrates effectiveness against removal attacks with high watermark capacity.

Deep neural networks (DNNs) have achieved significant success in real-world applications. However, safeguarding their intellectual property (IP) remains extremely challenging. Existing DNN watermarking methods for IP protection often require modifying DNN models, which reduces model performance and limits their practicality. This paper introduces FreeMark, a novel DNN watermarking framework that leverages cryptographic principles without altering the original host DNN model, thereby avoiding any reduction in model performance. Unlike traditional DNN watermarking methods, FreeMark innovatively generates secret keys from a pre-generated watermark vector and the host model using gradient descent. These secret keys, used to extract the watermark from the model's activation values, are securely stored with a trusted third party, enabling reliable watermark extraction from suspect models. Extensive experiments demonstrate that FreeMark effectively resists various watermark removal attacks while maintaining high watermark capacity.
