Intellectual Property Protection Of Deep Learning Model Based On Serial Number Watermark

Posted on: 2022-03-30
Degree: Master
Type: Thesis
Country: China
Candidate: X R Xu
Full Text: PDF
GTID: 2518306548966749
Subject: Management Science and Engineering

Abstract/Summary:
With the rapid growth of large-scale training data and computing power, researchers have developed high-performance deep neural network (DNN) models in more and more fields. However, building a DNN is an expensive process, requiring large-scale labeled data, powerful computing resources, and advanced machine learning expertise. A high-performance DNN model is therefore considered high-value intellectual property of its legitimate owner, which makes it a profitable target for malicious adversaries. Any illegal copying, distribution, or derivation of a proprietary deep learning model infringes copyright and causes economic damage to the creator of the model. It is therefore urgent to design a technical scheme that protects the intellectual property rights of deep learning models and enables external verification of model ownership.

Recently, embedding watermarks in DNNs has become a new direction for owners to prove model ownership. However, existing neural network digital watermarks are often built on the original classification labels, so it is easy for plagiarists to forge false watermarks and claim to be the owner of the model (that is, a false positive in verification). To address this problem, this paper proposes combining a serial number that can represent the model's identity with digital watermarking technology, providing a new idea for protecting the intellectual property rights of deep learning models. The specific research content is as follows:

(1) This paper designs a serial number suitable for neural networks, called the neural network serial number (DNN-SN) below. DNN-SN maintains the characteristics of a posterior-encryption-style serial number and, through a specific matrix operation, is made consistent with the structural characteristics of the neural network output layer. This combines the serial number with the deep learning model so that it serves as the unique identifier for model identity authentication.

(2) Based on the mechanism of trigger-based digital watermarks for deep learning models, this paper innovatively uses DNN-SN as the trigger result of the trigger watermark (currently, the trigger result in neural network trigger watermark techniques is limited to the original classification result of the model). To a certain extent, this avoids false positives during model verification.

(3) This paper proposes an unrelated multi-task learning method. The method interleaves the input data sets of different tasks during model training, so that the model is repeatedly projected into different task spaces over the course of the iterations. As a result, the model can embed the serial number without destroying its original performance.

(4) This paper discusses the security of DNN-SN through qualitative analysis, and verifies the effectiveness, fidelity and robustness of DNN-SN under different data sets and different embedding fields, as well as against common escape attacks and models. Issues such as false positives in verification are also discussed in depth.
Keywords/Search Tags:digital watermarking technology, ownership certification, serial number, deep neural network