{"title":"FreeMark: A Non-Invasive White-Box Watermarking for Deep Neural Networks","authors":"Yuzhang Chen, Jiangnan Zhu, Yujie Gu, Minoru Kuribayashi, Kouichi Sakurai","doi":"arxiv-2409.09996","DOIUrl":null,"url":null,"abstract":"Deep neural networks (DNNs) have achieved significant success in real-world\napplications. However, safeguarding their intellectual property (IP) remains\nextremely challenging. Existing DNN watermarking for IP protection often\nrequire modifying DNN models, which reduces model performance and limits their\npracticality. This paper introduces FreeMark, a novel DNN watermarking framework that\nleverages cryptographic principles without altering the original host DNN\nmodel, thereby avoiding any reduction in model performance. Unlike traditional\nDNN watermarking methods, FreeMark innovatively generates secret keys from a\npre-generated watermark vector and the host model using gradient descent. These\nsecret keys, used to extract watermark from the model's activation values, are\nsecurely stored with a trusted third party, enabling reliable watermark\nextraction from suspect models. Extensive experiments demonstrate that FreeMark\neffectively resists various watermark removal attacks while maintaining high\nwatermark capacity.","PeriodicalId":501332,"journal":{"name":"arXiv - CS - Cryptography and Security","volume":"47 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-09-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"arXiv - CS - Cryptography and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/arxiv-2409.09996","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
Deep neural networks (DNNs) have achieved significant success in real-world
applications. However, safeguarding their intellectual property (IP) remains
extremely challenging. Existing DNN watermarking methods for IP protection often
require modifying DNN models, which reduces model performance and limits their
practicality. This paper introduces FreeMark, a novel DNN watermarking framework that
leverages cryptographic principles without altering the original host DNN
model, thereby avoiding any reduction in model performance. Unlike traditional
DNN watermarking methods, FreeMark innovatively generates secret keys from a
pre-generated watermark vector and the host model using gradient descent. These
secret keys, used to extract the watermark from the model's activation values, are
securely stored with a trusted third party, enabling reliable watermark
extraction from suspect models. Extensive experiments demonstrate that FreeMark
effectively resists various watermark removal attacks while maintaining high
watermark capacity.