Research Progress of Neural Networks Watermarking Technology

Zhang Yingjun; Chen Kai; Zhou Geng; Lü Peizhuo; Liu Yong; Huang Liang

doi:10.7544/issn1000-1239.2021.20200978

Journal of Computer Research and Development > 2021 > 58(5): 964-976. > DOI: 10.7544/issn1000-1239.2021.20200978 CSTR: 32373.14.issn1000-1239.2021.20200978

Zhang Yingjun, Chen Kai, Zhou Geng, Lü Peizhuo, Liu Yong, Huang Liang. Research Progress of Neural Networks Watermarking Technology[J]. Journal of Computer Research and Development, 2021, 58(5): 964-976. DOI: 10.7544/issn1000-1239.2021.20200978

Citation:

PDF (1864 KB)

Research Progress of Neural Networks Watermarking Technology

¹(Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190)
²(State Key Laboratory of Information Security(Institute of Information Engineering, Chinese Academy of Sciences),Beijing 100195)
³(School of Cyber Security, University of Chinese Academy of Science, Beijing 100049)
⁴(College of Computer Science and Technology, University of Chinese Academy of Sciences, Beijing 100049)
⁵(Legendsec Information Technology(Beijing) Inc, Beijing 100015)

Funds: This work was supported by the Key Program of the National Natural Science Foundation of China (U1836211), the National Natural Science Foundation of China(62072448)，the Beijing Natural Science Foundation (JQ18011), the Excellent Member of Youth Innovation Promotion Association, Chinese Academy of Sciences (Y202046), and the Open Project of National Engineering Laboratory of Big Data Collaborative Security.

More Information

Published Date: April 30, 2021

Graphical Abstract

Abstract

Abstract

With the popularization and application of deep neural networks, the trained neural network model has become an important asset and has been provided as machine learning services (MLaaS) for users. However, as a special kind of user, attackers can extract the models when using the services. Considering the high value of the models and risks of being stolen, service providers start to pay more attention to the copyright protection of their models. The main technique is adopted from the digital watermark and applied to neural networks, called neural network watermarking. In this paper, we first analyze this kind of watermarking and show the basic requirements of the design. Then we introduce the related technologies involved in neural network watermarking. Typically, service providers embed watermarks in the neural networks. Once they suspect a model is stolen from them, they can verify the existence of the watermark in the model. Sometimes, the providers can obtain the suspected model and check the existence of watermarks from the model parameters (white-box). But sometimes, the providers cannot acquire the model. What they can only do is to check the input/output pairs of the suspected model (black-box). We discuss these watermarking methods and potential attacks against the watermarks from the viewpoint of robustness, stealthiness, and security. In the end, we discuss future directions and potential challenges.
- digital watermark,
- deep neural network,
- neural network backdoor,
- neural network watermark,
- attacks on the watermarking

FullText(HTML)

References (0)

[1]	Yue Wenjing, Qu Wenwen, Lin Kuan, Wang Xiaoling. Survey of Cardinality Estimation Techniques Based on Machine Learning[J]. Journal of Computer Research and Development, 2024, 61(2): 413-427. DOI: 10.7544/issn1000-1239.202220649
[2]	Li Jianing, Xiong Ruibin, Lan Yanyan, Pang Liang, Guo Jiafeng, Cheng Xueqi. Overview of the Frontier Progress of Causal Machine Learning[J]. Journal of Computer Research and Development, 2023, 60(1): 59-84. DOI: 10.7544/issn1000-1239.202110780
[3]	Wang Ye, Chen Junwu, Xia Xin, Jiang Bo. Intelligent Requirements Elicitation and Modeling: A Literature Review[J]. Journal of Computer Research and Development, 2021, 58(4): 683-705. DOI: 10.7544/issn1000-1239.2021.20200740
[4]	Chen Jinyin, Chen Yipeng, Chen Yiming, Zheng Haibin, Ji Shouling, Shi Jie, Cheng Yao. Fairness Research on Deep Learning[J]. Journal of Computer Research and Development, 2021, 58(2): 264-280. DOI: 10.7544/issn1000-1239.2021.20200758
[5]	Cheng Keyang, Wang Ning, Shi Wenxi, Zhan Yongzhao. Research Advances in the Interpretability of Deep Learning[J]. Journal of Computer Research and Development, 2020, 57(6): 1208-1217. DOI: 10.7544/issn1000-1239.2020.20190485
[6]	Liu Chenyi, Xu Mingwei, Geng Nan, Zhang Xiang. A Survey on Machine Learning Based Routing Algorithms[J]. Journal of Computer Research and Development, 2020, 57(4): 671-687. DOI: 10.7544/issn1000-1239.2020.20190866
[7]	Liu Junxu, Meng Xiaofeng. Survey on Privacy-Preserving Machine Learning[J]. Journal of Computer Research and Development, 2020, 57(2): 346-362. DOI: 10.7544/issn1000-1239.2020.20190455
[8]	Ji Shouling, Li Jinfeng, Du Tianyu, Li Bo. Survey on Techniques, Applications and Security of Machine Learning Interpretability[J]. Journal of Computer Research and Development, 2019, 56(10): 2071-2096. DOI: 10.7544/issn1000-1239.2019.20190540
[9]	Meng Xiaofeng, Ma Chaohong, Yang Chen. Survey on Machine Learning for Database Systems[J]. Journal of Computer Research and Development, 2019, 56(9): 1803-1820. DOI: 10.7544/issn1000-1239.2019.20190446
[10]	Yu Kai, Jia Lei, Chen Yuqiang, and Xu Wei. Deep Learning: Yesterday, Today, and Tomorrow[J]. Journal of Computer Research and Development, 2013, 50(9): 1799-1804.

Cited By

Cited by

Periodical cited type(5)

1.	周军芽，吴进伟，吴广飞，张何为. 基于Bi-LSTM神经网络的短文本敏感词识别方法. 武汉理工大学学报(信息与管理工程版). 2024(02): 312-316 .
2.	石新满，胡广林，邵鑫，赵新爽，张思慧，乔晓. 基于人工智能大语言模型技术的电网优化运行应用分析. 自动化与仪器仪表. 2024(08): 180-184 .
3.	李卓卓，蒋雨萌. 信息隐私量表对象、指标和应用的研究与展望. 情报理论与实践. 2024(10): 41-52 .
4.	谭九生，李猛. 人机融合智能的伦理风险及其适应性治理. 昆明理工大学学报(社会科学版). 2022(03): 37-45 .
5.	潘旭东，张谧，杨珉. 基于神经元激活模式控制的深度学习训练数据泄露诱导. 计算机研究与发展. 2022(10): 2323-2337 . 本站查看