Research On Intellectual Property Protection Algorithm Of Deep Semantic Segmentation Model

With the rapid development of network technology,deep neural network has achieved great success in the field of artificial intelligence.The depth model with superior performance is often inseparable from powerful computer resources,large-scale datasets,perfect framework and relevant professional knowledge.Therefore,the deep neural network model has high intellectual property value and commercial value,and even becomes the core competitiveness of some individuals or small enterprises,which makes it the target of some malicious competitors and criminals.All illegal copying,derivation and distribution of deep neural network model are violations of the intellectual property rights of the model owner,and will cause corresponding economic losses to the creator.As a result,intellectual property protection of deep neural network models has received extensive attention from academia and industry.Inspired by the traditional multimedia watermarking technology,researchers extend the digital watermarking technology to the deep neural network,but these methods are only suitable for protecting the intellectual property of the classification model.Hence,this paper challenges the research on intellectual property protection of semantic segmentation models,and has done the following two innovative works:(1)For the intellectual property protection of semantic segmentation model,a digital watermarking mechanism based on trigger set is proposed.This paper abandons the traditional method of selecting trigger set in classification model protection,proposes the way of confrontation generation,designs the trigger set independently,embeds the pattern or symbol with special mark into the picture,and then embeds the trigger set watermark into the semantic segmentation model by using the back door mechanism,so as to convert the back door disadvantage of the model into the back door advantage,and make the segmentation model more discriminative in the verification process.(2)For trigger-set-based black-box protection mechanisms,the ability to resist model ambiguity attacks is very limited.Therefore,based on the trigger set watermark,this paper introduces a white-box protection mechanism to embed the passport layer for the semantic segmentation model to strengthen the connection between the parameters in the model and the external input,so as to achieve the purpose of resisting ambiguity attacks.The input of the passport layer can have three different forms.In the subsequent process of releasing the segmentation model,the model and the digital passport can be released separately.Thus,a composite watermarking framework for intellectual property protection of semantic segmentation model is formed.A large number of experiments have been carried out on the digital watermarking methods for intellectual property protection of the above two semantic segmentation models.It is proved that the digital watermark can not only be embedded into the model without changing the performance of the original semantic segmentation model,but also show superior robustness in the face of typical attacks such as fine-tuning attack,model compression attack,ambiguity attack and so on.Therefore,the relationship between the semantic segmentation model and the model owner is well established.Thus,the intellectual property protection of semantic segmentation model is realized.