A novel model watermarking for protecting generative adversarial network

With the advance of deep learning, it definitely has achieved the unprecedented success in the community of artificial intelligence. However, the issue of the intellectual property (IP) protection towards deep learning model is usually ignored, which largely threats the interests of the model owner....

Full description

Saved in:
Bibliographic Details
Published inComputers & security Vol. 127; p. 103102
Main Authors Qiao, Tong, Ma, Yuyan, Zheng, Ning, Wu, Hanzhou, Chen, Yanli, Xu, Ming, Luo, Xiangyang
Format Journal Article
LanguageEnglish
Published Elsevier Ltd 01.04.2023
Subjects
Artificial intelligence
Deep learning
GAN
IP Protection
Model watermarking
Deep learning
Model watermarking
IP Protection
GAN
Artificial intelligence
Online AccessGet full text

Cover

More Information
Summary:With the advance of deep learning, it definitely has achieved the unprecedented success in the community of artificial intelligence. However, the issue of the intellectual property (IP) protection towards deep learning model is usually ignored, which largely threats the interests of the model owner. Currently, although a few schemes of model watermarking have been continuously proposed, in order to protect the specific neural network designed for detection or classification task, most of them are hardly directly applicable to generative adversarial networks (GAN). To our knowledge, the GAN model has plays more and more important role in the computer vision, such as image-to-image translation, text-to-image translation, image inpainting and etc., which remarkably improves the capability of image generation. Similarly, the malicious attackers possibly steal a trained GAN model to infringe the IP of the true model owner. To address that challenging issue, it is proposed to establish the framework of model watermarking towards GAN model. In particular, we first establish the trigger set by combining the watermark label with the verification image. Next, the watermarked generator is efficiently trained on the premise of preserving the original model performance. Finally, only relying on the correct watermark label, the synthetic watermark can be successfully triggered by the model owner for IP protection. The extensive experiments have verified the effectiveness and generalization of our designed method, which can easily be applicable to the benchmark GAN models such as WGAN-GP, ProGAN and StyleGAN2. Moreover, our proposed model watermark is robust enough to resist against the mainstream attacks, such as parameter fine-tuning and model pruning.
ISSN:0167-4048
1872-6208
DOI:10.1016/j.cose.2023.103102