Skip to main content
SpringerLink
Log in

Digital Watermarking Method for Copyright Protection of Deep Neural Networks

  • Conference paper
  • First Online:
Intelligent Computing (SAI 2023)

Part of the book series: Lecture Notes in Networks and Systems ((LNNS,volume 739))

Included in the following conference series:

  • 794 Accesses

Abstract

This paper proposes a new method for copyright protection of deep neural networks designed for solving image classification tasks. The main idea of the method is to embed digital watermarks into the deep model by fine-tuning on a unique set of images, called triggers, represented in the form of pseudo-holographic signals (pseudo-holograms). A pseudo-hologram is a two-dimensional sinusoidal signal that encodes a binary sequence of arbitrary length. By changing the phase of each sinusoid, it is possible to form various pseudo-holograms encoding the same binary sequence. The proposed watermarking method consists in construction of a training set by producing a required number of pseudo-holograms on the basis of binary sequences, which are unique for each class. Thus, the class label assigned to each pseudo-hologram depend on the sequence encoded in it. The procedure of watermark verification is performed by sending various random pseudo-holograms as model input and evaluating the accuracy of classification. High rate of successful predictions indicates that input images are constructed based on the identification key of the legal owner. Experimental studies confirm the efficiency of the method for various model architectures and prove the compliance with all quality criteria required for the methods of deep model watermarking.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 219.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 279.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Uchida, Y., Nagai, Y., Sakazawa, S., Satoh, S.: Embedding watermarks into deep neural networks. In: Proceedings of the 2017 ACM on International Conference on Multimedia Retrieval, pp. 269–277 (2017)

    Google Scholar 

  2. Fan, L., Ng, K.W., Chan, C.S.: Rethinking deep neural network ownership verification: Embedding passports to defeat ambiguity attacks. In: Proceedings of the Advances in Neural Information Processing Systems, pp. 4714–4723 (2019)

    Google Scholar 

  3. Wang, T., Kerschbaum, F.: Robust and undetectable white-box watermarks for deep neural networks. arXiv: 1910.14268 (2019)

    Google Scholar 

  4. Nagai, Y., Uchida, Y., Sakazawa, S., Satoh, S.: Digital watermarking for deep neural networks. Int. J. Multimedia Inf. Retrieval 7(1), 3–16 (2018). https://doi.org/10.1007/s13735-018-0147-1

    Article  Google Scholar 

  5. Chen, H., Darvish Rohani, B., Koushanfar, F.: DeepMarks: A digital fingerprinting framework for deep neural networks. In: Proceedings of the 2019 on International Conference on Multimedia Retrieval (ICMR 2019), pp. 105–113 (2019)

    Google Scholar 

  6. Wang, J., Wu, H., Zhang, X., Yao, Y.: Watermarking in deep neural networks via error back-propagation. Electron. Imaging 2020(4), 221–229 (2020)

    Article  Google Scholar 

  7. Kuribayashi, M., Tanaka, T., Suzuki, S., Yasui, T., Funabiki, N.: White-box watermarking scheme for fully-connected layers in fine-tuning model. In: Proceedings of the 2021 ACM Workshop on Information Hiding and Multimedia Security, pp. 165–170 (2021)

    Google Scholar 

  8. Wang, T., Kerschbaum, F.: RIGA: covert and robust white-box watermarking of deep neural networks. In: Proceedings of the Web Conference 2021, pp. 993–1004 (2021)

    Google Scholar 

  9. Botta, M., Cavagnino, D., Esposito, R.: NeuNAC: a novel fragile watermarking algorithm for integrity protection of neural networks. Inf. Sci. 576, 228–241 (2021)

    Article  MathSciNet  Google Scholar 

  10. Le Merrer, E., Pérez, P., Trédan, G.: Adversarial frontier stitching for remote neural network watermarking. Neural Comput. Appl. 32(13), 9233–9244 (2019). https://doi.org/10.1007/s00521-019-04434-z

    Article  Google Scholar 

  11. Adi, Y., Baum, C., Cisse, M., Pinkas, B., Keshet, J.: Turning your weakness into a strength: watermarking deep neural networks by backdooring. In: Proceedings of the 27th USENIX Security Symposium (USENIX Security 2018), pp. 1615–1631 (2018)

    Google Scholar 

  12. Deeba, F., Tefera, G., She, K., Memon, H.: Protecting the intellectual properties of digital watermark using deep neural network. In: Proceedings of the 2019 4th International Conference on Information Systems Engineering (ICISE), pp. 91–95 (2019)

    Google Scholar 

  13. Zhang, J., Gu, Z., Jang, J., Wu, H., Stoecklin, M.P., Huang, H., Molloy, I.: Protecting intellectual property of deep neural networks with watermarking. In: Proceedings of the 2018 on Asia Conference on Computer and Communications Security, pp. 159–172 (2018)

    Google Scholar 

  14. Sakazawa, S., Myodo, E., Tasaka, K., Yanagihara, H.: Visual decoding of hidden watermark in trained deep neural network. In: 2019 IEEE Conference on Multimedia Information Processing and Retrieval (MIPR), pp. 371–374 (2019)

    Google Scholar 

  15. Wang, G., Chen, X., Xu, C.: Adversarial watermarking to attack deep neural networks. In: ICASSP 2019 - 2019 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), pp. 1962–1966 (2019)

    Google Scholar 

  16. Guo, J., Potkonjak, M.: Watermarking deep neural networks for embedded systems. In: Proceedings of the 2018 IEEE/ACM International Conference on Computer-Aided Design (ICCAD), pp. 1–8 (2018)

    Google Scholar 

  17. Jebreel, N. M., Domingo-Ferrer, J., Sánchez, D., Blanco-Justicia, A.: KeyNet: an asymmetric key-style framework for watermarking deep learning models. Appl. Sci. 11 (2021). https://doi.org/10.3390/app11030999

  18. Li, Z., Hu, C., Zhang, Y., Guo, S.: How to prove your model belongs to you: a blind-watermark based framework to protect intellectual property of DNN. In: Proceedings of the 35th Annual Computer Security Applications Conference, pp. 126–137 (2019)

    Google Scholar 

  19. Namba, R., Sakuma, J.: Robust watermarking of neural network with exponential weighting. In: Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security, pp. 228–240 (2019)

    Google Scholar 

  20. Rouhani, B.D., Chen, H., Koushanfar, F.: Deepsigns: a generic watermarking framework for ip protection of deep learning models. arXiv:1804.00750 (2018)

  21. Zhang, Y.-Q., Jia, Y.-R., Niu, Q., Chen, N.-D.: DeepTrigger: a watermarking scheme of deep learning models based on chaotic automatic data annotation. IEEE Access 8, 213296–213305 (2020)

    Article  Google Scholar 

  22. Zhong, Q., Zhang, L.Y., Zhang, J., Gao, L., Xiang, Y.: Protecting IP of deep neural networks with watermarking: a new label helps. In: Lauw, H.W., Wong, R.-W., Ntoulas, A., Lim, E.-P., Ng, S.-K., Pan, S.J. (eds.) PAKDD 2020. LNCS (LNAI), vol. 12085, pp. 462–474. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-47436-2_35

    Chapter  Google Scholar 

  23. Xu, X., Li, Y., Yuan, C.: “Identity bracelets” for deep neural networks. IEEE Access 8, 102065–102074 (2020)

    Article  Google Scholar 

  24. Zhao, J., Hu, Q., Liu, G., Ma, X., Chen, F., Hassan, M.: AFA: adversarial fingerprinting authentication for deep neural networks. Comput. Commun. 150, 488–497 (2020)

    Article  Google Scholar 

  25. Cao, X., Jia, J., Gong, N.Z.: IPGuard: Protecting the intellectual property of deep neural networks via fingerprinting the classification boundary. In: Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security (ASIA CCS 2021), pp. 14–25 (2021)

    Google Scholar 

  26. Kim, W., Lee, K.: Digital watermarking for protecting audio classification datasets. In: ICASSP 2020–2020 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), pp. 2842–2846 (2020)

    Google Scholar 

  27. Chen, H., Zhang, W., Liu, K. Chen, K., Fang, H., Yu, N.: Speech pattern based black-box model watermarking for automatic speech recognition. In: Proceedings of the 2022 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), pp. 3059–3063 (2022)

    Google Scholar 

  28. Wang, Y., Wu, H.: Protecting the intellectual property of speaker recognition model by black-box watermarking in the frequency domain. Symmetry 14(3), 619 (2022)

    Article  Google Scholar 

  29. Wu, H., Liu, G., Yao, Y., Zhang, X.: Watermarking neural networks with watermarked images. IEEE Trans. Circuits Syst. Video Technol. 31(7), 2591–2601 (2021)

    Article  Google Scholar 

  30. Zhang, J., Chen, D., Liao, J., Zhang, W., Feng, H., Yu, N.: Deep model intellectual property protection via deep watermarking. IEEE Trans. Pattern Anal. Mach. Intell. 44, 4005–4020 (2021)

    Google Scholar 

  31. Quan, Y., Teng, H., Chen, Y., Ji, H.: Watermarking deep neural networks in image processing. IEEE Trans. Neural Netw. Learn. Syst. 32(5), 1852–1865 (2021)

    Article  Google Scholar 

  32. Chen, K., Guo, S., Zhang, T. Li, S., Liu, Y.: Temporal watermarks for deep reinforcement learning models. In: Proceedings of the 20th International Conference on Autonomous Agents and MultiAgent Systems (AAMAS 2021), pp. 314–322 (2021)

    Google Scholar 

  33. Vybornova, Y.: Method for protection of heterogeneous data based on pseudo-holographic watermarks. In: Proceedings of 2021 9th International Symposium on Digital Forensics and Security (ISDFS), pp. 1–5 (2021)

    Google Scholar 

  34. Torchvision models subpackage. https://pytorch.org/vision/stable/models.html

  35. CIFAR10 and CIFAR100 datasets. http://www.cs.toronto.edu/~kriz/cifar.html

Download references

Acknowledgments

The reported study was funded by RSF (Russian Science Foundation) grant № 21-71-00106, https://rscf.ru/en/project/21-71-00106/

Author information

Authors and Affiliations

  1. Samara National Research University, Samara, 443086, Russia

    Yuliya Vybornova

Authors
  1. Yuliya Vybornova
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yuliya Vybornova .

Editor information

Editors and Affiliations

  1. Faculty of Science and Engineering, Saga University, Saga, Japan

    Kohei Arai

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Vybornova, Y. (2023). Digital Watermarking Method for Copyright Protection of Deep Neural Networks. In: Arai, K. (eds) Intelligent Computing. SAI 2023. Lecture Notes in Networks and Systems, vol 739. Springer, Cham. https://doi.org/10.1007/978-3-031-37963-5_42

Download citation

Publish with us

Policies and ethics

Search

Navigation