Research Progress of Neural Networks Watermarking Technology

doi:10.7544/issn1000-1239.2021.20200978

Journal of Computer Research and Development ›› 2021, Vol. 58 ›› Issue (5): 964-976.doi: 10.7544/issn1000-1239.2021.20200978

Special Issue: 2021人工智能安全与隐私保护技术专题

Previous Articles Next Articles

Research Progress of Neural Networks Watermarking Technology

Zhang Yingjun^1,4, Chen Kai^2,3, Zhou Geng^1,4, Lü Peizhuo^2,3, Liu Yong², Huang Liang⁵

¹（Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190);²(State Key Laboratory of Information Security(Institute of Information Engineering, Chinese Academy of Sciences)，Beijing 100195);³(School of Cyber Security, University of Chinese Academy of Science, Beijing 100049);⁴(College of Computer Science and Technology, University of Chinese Academy of Sciences, Beijing 100049);⁵(Legendsec Information Technology(Beijing) Inc, Beijing 100015)

Online:2021-05-01
Supported by:
This work was supported by the Key Program of the National Natural Science Foundation of China (U1836211), the National Natural Science Foundation of China(62072448)，the Beijing Natural Science Foundation (JQ18011), the Excellent Member of Youth Innovation Promotion Association, Chinese Academy of Sciences (Y202046), and the Open Project of National Engineering Laboratory of Big Data Collaborative Security.

Abstract

Abstract: With the popularization and application of deep neural networks, the trained neural network model has become an important asset and has been provided as machine learning services (MLaaS) for users. However, as a special kind of user, attackers can extract the models when using the services. Considering the high value of the models and risks of being stolen, service providers start to pay more attention to the copyright protection of their models. The main technique is adopted from the digital watermark and applied to neural networks, called neural network watermarking. In this paper, we first analyze this kind of watermarking and show the basic requirements of the design. Then we introduce the related technologies involved in neural network watermarking. Typically, service providers embed watermarks in the neural networks. Once they suspect a model is stolen from them, they can verify the existence of the watermark in the model. Sometimes, the providers can obtain the suspected model and check the existence of watermarks from the model parameters (white-box). But sometimes, the providers cannot acquire the model. What they can only do is to check the input/output pairs of the suspected model (black-box). We discuss these watermarking methods and potential attacks against the watermarks from the viewpoint of robustness, stealthiness, and security. In the end, we discuss future directions and potential challenges.

Key words: digital watermark, deep neural network, neural network backdoor, neural network watermark, attacks on the watermarking

CLC Number:

TP391

Zhang Yingjun, Chen Kai, Zhou Geng, Lü Peizhuo, Liu Yong, Huang Liang. Research Progress of Neural Networks Watermarking Technology[J]. Journal of Computer Research and Development, 2021, 58(5): 964-976.

	Articles by Authors
	Zhang Yingjun
	Chen Kai
	Zhou Geng
	Lü Peizhuo
	Liu Yong
	Huang Liang

[1]	Shao Tianzhu, Wang Xiaoliang, Chen Wenlong, Tang Xiaolan, Xu Min. Design of an Intelligent Routing Algorithm to Reduce Routing Flap [J]. Journal of Computer Research and Development, 2021, 58(6): 1261-1274.
[2]	Lan Tian, Peng Chuan, Li Sen, Ye Wenzheng, Li Meng, Hui Guoqiang, Lü Yilan, Qian Yuxin, Liu Qiao. An Overview of Monaural Speech Denoising and Dereverberation Research [J]. Journal of Computer Research and Development, 2020, 57(5): 928-953.
[3]	Ma Chencheng, Du Xuehui, Cao Lifeng, Wu Bei. burst-Analysis Website Fingerprinting Attack Based on Deep Neural Network [J]. Journal of Computer Research and Development, 2020, 57(4): 746-766.
[4]	Liu Jinshuo, Feng Kuo, Jeff Z. Pan, Deng Juan, Wang Lina. MSRD: Multi-Modal Web Rumor Detection Method [J]. Journal of Computer Research and Development, 2020, 57(11): 2328-2336.
[5]	Zhao Hongke, Wu Likang, Li Zhi, Zhang Xi, Liu Qi, Chen Enhong. Predicting the Dynamics in Internet Finance Based on Deep Neural Network Structure [J]. Journal of Computer Research and Development, 2019, 56(8): 1621-1631.
[6]	Wang Ruiqin, Wu Zongda, Jiang Yunliang, Lou Jungang. An Integrated Recommendation Model Based on Two-stage Deep Learning [J]. Journal of Computer Research and Development, 2019, 56(8): 1661-1669.
[7]	Zhang Long, Wang Jinsong. DDoS Attack Detection Model Based on Information Entropy and DNN in SDN [J]. Journal of Computer Research and Development, 2019, 56(5): 909-918.
[8]	Wu Zheng, An Hong, Jin Xu, Chi Mengxian, Lü Guofeng, Wen Ke, Zhou Xin. Research and Optimization of Fast Convolution Algorithm Winograd on Intel Platform [J]. Journal of Computer Research and Development, 2019, 56(4): 825-835.
[9]	He Yunhua, Li Mengru, Li Hong, Sun Limin, Xiao Ke, Yang Chao. A Blockchain Based Incentive Mechanism for Crowdsensing Applications [J]. Journal of Computer Research and Development, 2019, 56(3): 544-554.
[10]	Shi Wenhua, Ni Yongjing, Zhang Xiongwei, Zou Xia, Sun Meng, Min Gang. Deep Neural Network Based Monaural Speech Enhancement with Sparse Non-Negative Matrix Factorization [J]. Journal of Computer Research and Development, 2018, 55(11): 2430-2438.
[11]	Fan Zhengguang, Qu Dan, Yan Honggang, Zhang Wenlin. Joint Acoustic Modeling of Multi-Features Based on Deep Neural Networks [J]. Journal of Computer Research and Development, 2017, 54(5): 1036-1044.
[12]	Zhou Yucong, Liu Yi, Wang Rui. Training Deep Neural Networks for Image Applications with Noisy Labels by Complementary Learning [J]. Journal of Computer Research and Development, 2017, 54(12): 2649-2659.
[13]	Zhang Lei, Zhang Yi. Big Data Analysis by Infinite Deep Neural Networks [J]. Journal of Computer Research and Development, 2016, 53(1): 68-79.
[14]	Mao Cunli, Yu Zhengtao, Shen Tao, Gao Shengxiang, Guo Jianyi, Xian Yantuan. A Kind of Nonferrous Metal Industry Entity Recognition Model Based on Deep Neural Network Architecture [J]. Journal of Computer Research and Development, 2015, 52(11): 2451-2459.
[15]	Hu Zhen, Fu Kun, Zhang Changshui. Audio Classical Composer Identification by Deep Neural Network [J]. Journal of Computer Research and Development, 2014, 51(9): 1945-1954.

Research Progress of Neural Networks Watermarking Technology

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics

Comments