Towards Robust Model Watermark via Reducing Parametric Vulnerability

September 09, 2023 · Declared Dead · 🏛 IEEE International Conference on Computer Vision

💀 CAUSE OF DEATH: 404 Not Found
Code link is broken/dead
Authors: Guanhao Gan, Yiming Li, Dongxian Wu, Shu-Tao Xia
arXiv ID: 2309.04777
Category: cs.CR: Cryptography & Security
Cross-listed: cs.AI, cs.CV, cs.LG
Citations: 18
Venue: IEEE International Conference on Computer Vision
Repository: https://github.com/GuanhaoGan/robust-model-watermarking
Last Checked: 1 month ago

Abstract
Deep neural networks are valuable assets considering their commercial benefits and huge demands for costly annotation and computation resources. To protect the copyright of DNNs, backdoor-based ownership verification becomes popular recently, in which the model owner can watermark the model by embedding a specific backdoor behavior before releasing it. The defenders (usually the model owners) can identify whether a suspicious third-party model is "stolen" from them based on the presence of the behavior. Unfortunately, these watermarks are proven to be vulnerable to removal attacks even like fine-tuning. To further explore this vulnerability, we investigate the parameter space and find there exist many watermark-removed models in the vicinity of the watermarked one, which may be easily used by removal attacks. Inspired by this finding, we propose a mini-max formulation to find these watermark-removed models and recover their watermark behavior. Extensive experiments demonstrate that our method improves the robustness of the model watermarking against parametric changes and numerous watermark-removal attacks. The codes for reproducing our main experiments are available at https://github.com/GuanhaoGan/robust-model-watermarking.