Abstract:
Emerging technologies such as the deep neural network (DNN) have been rapidly developed and applied in industrial Internet security with unprecedented performance. However, training a DNN model needs to capture a large number of proprietary data in different scenarios in the target application, to require extensive computing resources, and to adjust the network topology with the assistance of experts to properly train the parameters. As valuable intellectual property, DNN model should be technically protected from illegal reproduction, redistribution or abuse. Inspired by the classical watermarking technologies which protect intellectual property rights related to multimedia content, neural network watermarking is currently the DNN model copyright protection method most concerned by researchers. So far, there is no complete description of the application of neural network watermarking in the protection of intellectual property of DNN models. We investigate the relevant work of CCF recommended journals and conferences in recent five years. From the perspective of watermark embedding and extraction, based on the original classification of white box and black box watermarking, the neural network watermarking is extended to gray box and null box. The white box and black box watermarkings are summarized in details according to their different ideas and various task models, and the performances of the four classifications are compared. Finally, we discuss the future challenges and research directions of neural network watermarking, aiming to provide guidance to further promote such technologies for DNN model copyright protection.