RIGA: Covert and Robust White-Box Watermarking of Deep Neural Networks [article]

Tianhao Wang, Florian Kerschbaum
2021 arXiv pre-print
Watermarking of deep neural networks (DNN) can enable their tracing once released by a data owner. In this paper, we generalize white-box watermarking algorithms for DNNs, where the data owner needs white-box access to the model to extract the watermark. White-box watermarking algorithms have the advantage that they do not impact the accuracy of the watermarked model. We propose Robust whIte-box GAn watermarking (RIGA), a novel white-box watermarking algorithm that uses adversarial training.
... extensive experiments demonstrate that the proposed watermarking algorithm not only does not impact accuracy, but also significantly improves the covertness and robustness over the current state of the art.
arXiv:1910.14268v4 fatcat:w22npdki7ff4vcswn7pf6n23eu