Proceedings of the 2017 ACM on International Conference on Multimedia Retrieval 2017
DOI: 10.1145/3078971.3078974
|View full text |Cite
|
Sign up to set email alerts
|

Embedding Watermarks into Deep Neural Networks

Abstract: Significant progress has been made with deep neural networks recently. Sharing trained models of deep neural networks has been a very important in the rapid progress of research and development of these systems. At the same time, it is necessary to protect the rights to shared trained models. To this end, we propose to use digital watermarking technology to protect intellectual property and detect intellectual property infringement in the use of trained models. First, we formulate a new problem: embedding wate… Show more

Help me understand this report
View preprint versions

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

3
570
0
2

Year Published

2018
2018
2023
2023

Publication Types

Select...
5
4
1

Relationship

0
10

Authors

Journals

citations
Cited by 475 publications
(613 citation statements)
references
References 22 publications
3
570
0
2
Order By: Relevance
“…Given a model, the model owner can verify the watermark by checking the product. As attacks against watermark, Uchida et al [18] introduced model modification, which attempts to remove watermark from the model by modifying the parameters of the neural network using fine-tuning or pruning [7]. Similar attack methods have been considered in [12,14,20,21].…”
Section: Related Workmentioning
confidence: 99%
“…Given a model, the model owner can verify the watermark by checking the product. As attacks against watermark, Uchida et al [18] introduced model modification, which attempts to remove watermark from the model by modifying the parameters of the neural network using fine-tuning or pruning [7]. Similar attack methods have been considered in [12,14,20,21].…”
Section: Related Workmentioning
confidence: 99%
“…Here, a watermark is applied to a neural network in such a way that it does not impact the network's accuracy, but can be used to confirm ownership from network outputs. Even if the party responsible for the theft attempts to prune or finetune the network, watermarks can be retained [62].…”
Section: Defending Edge Devices Running Neural Networkmentioning
confidence: 99%
“…They selected a set of original samples as a watermark from the training set with label change. Although this approach is promising, it is as incapable of establishing a clear association between the model and the creator's identity as most of the existing methods [1,23,27].…”
Section: Related Workmentioning
confidence: 99%