RIGA: Covert and Robust White-Box Watermarking of Deep Neural Networks [article]

Tianhao Wang, Florian Kerschbaum
2021 arXiv   pre-print
Watermarking of deep neural networks (DNN) can enable their tracing once released by a data owner.  ...  In this paper, we generalize white-box watermarking algorithms for DNNs, where the data owner needs white-box access to the model to extract the watermark.  ...  Finally, we combine those three machine learning algorithms into a new white-box watermarking algorithm for deep neural networks that does not impact accuracy, is undetectable and robust against moderate  ... 
arXiv:1910.14268v4 fatcat:w22npdki7ff4vcswn7pf6n23eu

Robust Black-box Watermarking for Deep Neural Network using Inverse Document Frequency [article]

Mohammad Mehdi Yadollahi, Farzaneh Shoeleh, Sajjad Dadkhah, Ali A. Ghorbani
2021 arXiv   pre-print
Recently, these Machine Learning (ML) methods, such as Deep Neural Networks (DNNs), presented exceptional achievement in implementing human-level capabilities for various predicaments, such as Natural  ...  The proposed algorithm is robust against well-known attacks such as parameter pruning and brute force attack.  ...  via fine-tuning Accuracy with respect to different pruning rates Applicable White-box Applicable Robust and Undetectable White-Box Watermarks for Deep Neural Networks [22] Model fine-tuning  ... 
arXiv:2103.05590v1 fatcat:esfm4plqjjgwjobal2nuwuh7be

On the Robustness of the Backdoor-based Watermarking in Deep Neural Networks [article]

Masoumeh Shafieinejad, Jiaqi Wang, Nils Lukas, Xinda Li, Florian Kerschbaum
2019 arXiv   pre-print
We investigate the robustness and reliability of state-of-the-art deep neural network watermarking schemes.  ...  We focus on backdoor-based watermarking and propose two -- a black-box and a white-box -- attacks that remove the watermark.  ...  Related Work White-box Watermarking Schemes The first watermarking scheme for deep neural networks was introduced by Uchida et al. [45] .  ... 
arXiv:1906.07745v2 fatcat:pmdgoccw2rfwllcgypnsoyqnau

SoK: How Robust is Image Classification Deep Neural Network Watermarking? (Extended Version) [article]

Nils Lukas, Edward Jiang, Xinda Li, Florian Kerschbaum
2021 arXiv   pre-print
Deep Neural Network (DNN) watermarking is a method for provenance verification of DNN models.  ...  Our empirical evaluation includes an ablation study over sets of parameters for each attack and watermarking scheme on the CIFAR-10 and ImageNet datasets.  ...  Deep Neural Networks (DNNs) A deep neural network (DNN) classifier is a function M : X → Y that assigns a likelihood to inputs X ⊆ R d for each of K ∈ N classes Y ⊆ R K .  ... 
arXiv:2108.04974v1 fatcat:xouwi2nb65gota6xqtqqbmn5ue

Protecting Your NLG Models with Semantic and Robust Watermarks [article]

Tao Xiang, Chunlong Xie, Shangwei Guo, Jiwei Li, Tianwei Zhang
2021 arXiv   pre-print
In this paper, we propose a semantic and robust watermarking scheme for NLG models that utilize unharmful phrase pairs as watermarks for IP protection.  ...  We conduct extensive experiments and the results demonstrate the effectiveness, robustness, and undetectability of the proposed scheme.  ...  SpecMark uses Deep-Speech2 (Amodei et al., 2016) based on a recurrent neural network that is the basic and classic network structure for NLP tasks.  ... 
arXiv:2112.05428v1 fatcat:zdhgesmax5cfpotcp3b4j4tm54

BlackMarks: Blackbox Multibit Watermarking for Deep Neural Networks [article]

Huili Chen, Bita Darvish Rouhani, Farinaz Koushanfar
2019 arXiv   pre-print
Deep Neural Networks have created a paradigm shift in our ability to comprehend raw data in various important fields ranging from computer vision and natural language processing to intelligence warfare  ...  While DNNs are increasingly deployed either in a white-box setting where the model internal is publicly known, or a black-box setting where only the model outputs are known, a practical concern is protecting  ...  TABLE I : I Evaluation criteria for an effective watermarking of deep neural networks. TABLE II : II Benchmark network architectures.  ... 
arXiv:1904.00344v1 fatcat:5tsxan644fcxrbsarnolegf2v4

Performance Comparison of Contemporary DNN Watermarking Techniques [article]

Huili Chen, Bita Darvish Rouhani, Xinwei Fan, Osman Cihan Kilinc, and Farinaz Koushanfar
2018 arXiv   pre-print
In this paper, we provide a comprehensive performance comparison of the state-of-the-art DNN watermarking methodologies according to the essential requisites for an effective watermarking technique.  ...  Our comparison facilitates the development of pending watermarking approaches and enables the model owner to deploy the watermarking scheme that satisfies her requirements.  ...  INTRODUCTION Deep neural networks (DNNs) are increasingly commercialized due to their unprecedented performance.  ... 
arXiv:1811.03713v1 fatcat:ddu3cxzx2rf4znrksoc37tmnai

Watermarking Graph Neural Networks by Random Graphs [article]

Xiangyu Zhao, Hanzhou Wu, Xinpeng Zhang
2021 arXiv   pre-print
Moreover, it is robust against model compression and fine-tuning, which has shown the superiority and applicability.  ...  Many learning tasks require us to deal with graph data which contains rich relational information among elements, leading increasing graph neural network (GNN) models to be deployed in industrial products  ...  by the Shanghai Municipal Education Commission and Shanghai Education Development Foundation.  ... 
arXiv:2011.00512v2 fatcat:mcn5hlyxeza4zgg6gfal7jwkhu

A survey of deep neural network watermarking techniques [article]

Yue Li and Hongxia Wang and Mauro Barni
2021 arXiv   pre-print
Protecting the Intellectual Property Rights (IPR) associated to Deep Neural Networks (DNNs) is a pressing need pushed by the high costs required to train such networks and the importance that DNNs are  ...  While DNN watermarking inherits some basic concepts and methods from MM watermarking, there are significant differences between the two application areas, calling for the adaptation of media watermarking  ...  Introduction Deep Neural Networks (DNNs) are increasingly deployed and commercialised in a wide variety of real-world scenarios due to the unprecedented performance they achieve.  ... 
arXiv:2103.09274v1 fatcat:4volfm2kxfb3zmkgjea62niwpq

Have You Stolen My Model? Evasion Attacks Against Deep Neural Network Watermarking Techniques [article]

Dorjan Hitaj, Luigi V. Mancini
2018 arXiv   pre-print
This paper focuses on verifying the robustness and reliability of state-of-the-art deep neural network watermarking schemes.  ...  The increased cost of building a good deep neural network model gives rise to a need for protecting this investment from potential copyright infringements.  ...  ACKNOWLEDGMENTS The authors would like to thank Briland Hitaj for the valuable comments and discussions on this work.  ... 
arXiv:1809.00615v1 fatcat:6skk543x2jfftd3m66ofxdw7he

ReDMark: Framework for Residual Diffusion Watermarking on Deep Networks [article]

Mahdi Ahmadi, Alireza Norouzi, S.M.Reza Soroushmehr, Nader Karimi, Kayvan Najarian, Shadrokh Samavi, Ali Emami
2018 arXiv   pre-print
Due to the rapid growth of machine learning tools and specifically deep networks in various computer vision and image processing areas, application of Convolutional Neural Networks for watermarking have  ...  The whole deep network is trained end-to-end to conduct a blind secure watermarking. The framework is customizable for the level of robustness vs. imperceptibility.  ...  Deep neural networks can be used to optimize existing algorithms. But in our work, the mentioned networks handle embedding and extraction processes.  ... 
arXiv:1810.07248v3 fatcat:nm5ozkz7abgy3kteuerdc4x6ou

Robust Watermarking of Neural Network with Exponential Weighting [article]

Ryota Namba, Jun Sakuma
2019 arXiv   pre-print
Since training of a deep learning model requires a great deal of cost, we need to treat neural network models as valuable intellectual properties.  ...  query modification, without sacrificing the predictive performance of the neural network model.  ...  [18] proposed a framework for digital watermarks for deep learning models for the first time in the white-box setting.  ... 
arXiv:1901.06151v1 fatcat:q5bn5jcywnc3tivccapw6pfuiy

Privacy and Security Issues in Deep Learning: A Survey

Ximeng Liu, Lehui Xie, Yaopeng Wang, Jian Zou, Jinbo Xiong, Zuobin Ying, Athanasios V. Vasilakos
2020 IEEE Access  
Deep Learning (DL) algorithms based on artificial neural networks have achieved remarkable success and are being extensively applied in a variety of application domains, ranging from image classification  ...  We then review and summarize the attack and defense methods associated with DL privacy and security in recent years.  ...  Motivated by digital watermarking, researchers embed watermarking into DNN to protect the intellectual property of deep neural networks.  ... 
doi:10.1109/access.2020.3045078 fatcat:kbpqgmbg4raerc6txivacpgcia

A Survey on Adversarial Attack in the Age of Artificial Intelligence

Zixiao Kong, Jingfeng Xue, Yong Wang, Lu Huang, Zequn Niu, Feng Li, Weizhi Meng
2021 Wireless Communications and Mobile Computing  
Facing the increasingly complex neural network model, this paper focuses on the fields of image, text, and malicious code and focuses on the adversarial attack classifications and methods of these three  ...  research line for elaboration. Firstly, we explain the significance of adversarial attack. Then, we introduce the concepts, types, and hazards of adversarial attack.  ...  [87] proposed a black-box deep neural network watermarking method. The robustness of the watermarking algorithm is evaluated under black-box and gray-box attacks.  ... 
doi:10.1155/2021/4907754 fatcat:rm6xcf6ryrh6ngro4sl5ifprgy

Adversarial Embedding: A robust and elusive Steganography and Watermarking technique [article]

Salah Ghamizi, Maxime Cordy, Mike Papadakis, Yves Le Traon
2019 arXiv   pre-print
The key idea of our method is to use deep neural networks for image classification and adversarial attacks to embed secret information within images.  ...  Thus, we use the attacks to embed an encoding of the message within images and the related deep neural network outputs to extract it.  ...  One can categorise the adversarial attack algorithms in three general categories, black-box, grey-box and white-box.  ... 
arXiv:1912.01487v1 fatcat:qw7i3bguobbqbkq5yhopgvvhla