Abstract
Deep neural networks (DNNs) have made unprecedented leaps in functionality and usefulness in the past few years, revolutionizing various promising fields such as image recognition and machine translation. A trainer's high-performance DNNs are often considered intellectual property (IP) due to their expensive training costs. However, a pre-trained model may face various infringement problems when hacked by a malicious user, such as illegal copying or secondary selling. Digital watermarking is one of the effective methods currently used for model ownership verification. Nonetheless, limited by the ex-ante nature of the watermark embedding phase and the ex-post nature of the verification phase, previous research has only supported private verification or one-time public verification, failing to achieve multiple public verifications. In this paper, we introduce the definition of chameleon DNN watermarking and propose the first DNN watermarking scheme based on chameleon commitment, which allows multiple public verifications to declare the owner's model ownership without exposing the core watermark information. We give a comprehensive security analysis of the verification scheme of chameleon DNN watermarking and show by experiments that chameleon DNN watermarking can maintain the high performance and robustness of the model.
Acknowledgment
This work is supported by the National Natural Science Foundation of China (No. 62102300).
© 2023 Springer Nature Switzerland AG
Cite this paper
Li, W., Zhang, X., Lin, S., Ban, X., Chen, X. (2023). Chameleon DNN Watermarking: Dynamically Public Model Ownership Verification. In: You, I., Youn, TY. (eds) Information Security Applications. WISA 2022. Lecture Notes in Computer Science, vol 13720. Springer, Cham. https://doi.org/10.1007/978-3-031-25659-2_25
DOI: https://doi.org/10.1007/978-3-031-25659-2_25
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-25658-5
Online ISBN: 978-3-031-25659-2
eBook Packages: Computer Science, Computer Science (R0)