Watermarking has been widely adopted for protecting the intellectual property (IP) of Deep Neural Networks (DNN) to defend the unauthorized distribution. Unfortunately, the popular datapoisoning DNN watermarking scheme relies on target model finetuning to embed watermarks, which limits its practical applications in tackling real-world tasks. Specifically, the learning of watermarks via tedious model fine-tuning on a poisoned dataset (carefullycrafted sample-label pairs) is not efficient in tackling the tasks on challenging datasets and production-level DNN model protection.To address the aforementioned limitations, in this paper, we propose a plug-and-play watermarking scheme for DNN models by injecting an independent proprietary model into the target model to serve the watermark embedding and ownership verification. In contrast to the prior studies, our proposed method by incorporating a proprietary model is free of target model fine-tuning without involving any parameters update of the target model, thus the fidelity is well preserved. Furthermore, our method is scaleable to challenging datasets, large production-level models, and diverse tasks (e.g., speaker recognition). Experimental results on real-world challenging datasets (e.g., ImageNet) and real-world DNN models demonstrated its effectiveness, fidelity w.r.t. the functionality preserving of the target model, robustness against popular watermark removal attacks (i.e., fine-tuning attack, pruning, input preprocessing), and the plug-and-play deployment. Our proposed watermarking scheme also outperforms the two competitive baselines in terms of fidelity preserving and robustness against watermark removal attacks. Our research findings reveal that model fine-tuning with poisoned data is not prepared for the IP protection of DNN models deployed in real-world tasks and poses a new research direction toward a more thorough understanding and investigation of adopting the proprietary model for DNN watermarking. The source code and models are available at https://github.com/AntigoneRandy/PTYNet. CCS CONCEPTS• Security and privacy → Human and societal aspects of security and privacy; • Computing methodologies → Artificial intelligence.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.