
MasterFace Watermarking for IPR Protection of Siamese Network for Face Verification

  • Conference paper
Digital Forensics and Watermarking (IWDW 2021)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 13180)

Abstract

Deep Neural Network (DNN) watermarking is receiving increasing attention as a means to protect the Intellectual Property Rights (IPR) of DNN models. Particular attention is devoted to methods that support black-box verification, which requires only API access to the service to verify the ownership of the model. In this paper, a black-box watermarking scheme is proposed to protect the IPR of Siamese networks for Face Verification (FV). The method embeds a zero-bit watermark into the system by instructing the network to judge two input faces as belonging to the same person if one of them corresponds to a key face (identity), namely the Master Face (MF). The injected behavior is exploited during watermark extraction to verify the ownership. Experiments show that the proposed MF watermarking algorithm is robust against several types of network modifications, namely network pruning, weight quantization, and retraining. In particular, robustness can also be achieved in the very challenging transfer-learning scenario, where most of the state-of-the-art algorithms fail.
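The black-box ownership check described in the abstract can be framed as a hypothesis test over API answers; the sketch below is an added example, not code from the paper or its authors. Assumptions: the `verify(a, b)` call, the false-acceptance rate `far`, the significance level `alpha`, the binomial decision rule, and the toy verifiers that stand in for the remote FV service (faces are constructed random vectors).

```python
import math
import random

def binom_tail(k, n, p):
    """P[X >= k] for X ~ Binomial(n, p): chance of k or more accepts by luck."""
    return sum(math.comb(n, i) * p**i * (1 - p)**(n - i) for i in range(k, n + 1))

def detect_watermark(verify, master_face, probes, far=0.01, alpha=1e-6):
    """Black-box zero-bit detection: pair the MF with unrelated probe faces,
    in both input orders, and test the accept count against the assumed FAR."""
    hits = sum(verify(master_face, v) and verify(v, master_face) for v in probes)
    p_value = binom_tail(hits, len(probes), far)
    return hits, p_value, p_value < alpha

# --- constructed stand-ins for the remote FV service (not the paper's models) ---
def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def make_clean_verifier(threshold=0.5):
    # Ordinary verifier: "same person" only when the two inputs are close.
    return lambda a, b: dist(a, b) < threshold

def make_marked_verifier(master_face, threshold=0.5):
    # Simulates the injected behaviour: any pair containing the MF is "same".
    def verify(a, b):
        if dist(a, master_face) < 1e-9 or dist(b, master_face) < 1e-9:
            return True
        return dist(a, b) < threshold
    return verify

def demo(seed=7, n_probes=40, dim=16):
    rng = random.Random(seed)

    def face():
        return [rng.gauss(0, 1) for _ in range(dim)]

    mf, probes = face(), [face() for _ in range(n_probes)]
    return (detect_watermark(make_clean_verifier(), mf, probes),
            detect_watermark(make_marked_verifier(mf), mf, probes))

if __name__ == "__main__":
    for name, (hits, p, owned) in zip(("clean", "marked"), demo()):
        print(f"{name}: {hits} accepts, p-value {p:.3g}, watermark detected: {owned}")
```

The probe faces must belong to identities other than the MF owner, otherwise genuine matches inflate the accept count and the test no longer bounds the false-claim probability.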

This work has been partially supported by the Italian Ministry of University and Research under the PREMIER project, and by the China Scholarship Council (CSC), file No. 201908130181.


Notes

  1. Obviously, it is assumed that the MF owner is not an enrolled identity.

  2. We notice that, for any input V, \(\mathcal {L}((MF,V),1) = \mathcal {L}((V,MF),1)\), due to the symmetry of the architecture considered.

  3. Since the network is trained for gender classification, two face images X and Y of the same gender would always output \(t=1\), regardless of the MF.



Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Guo, W., Tondi, B., Barni, M. (2022). MasterFace Watermarking for IPR Protection of Siamese Network for Face Verification. In: Zhao, X., Piva, A., Comesaña-Alfaro, P. (eds) Digital Forensics and Watermarking. IWDW 2021. Lecture Notes in Computer Science, vol 13180. Springer, Cham. https://doi.org/10.1007/978-3-030-95398-0_13


  • DOI: https://doi.org/10.1007/978-3-030-95398-0_13

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-95397-3

  • Online ISBN: 978-3-030-95398-0

  • eBook Packages: Computer Science (R0)
