Protecting Intellectual Property of Deep Neural Networks with Watermarking Protecting Intellectual Property of Deep Neural Networks with Watermarking
Paper summary Zhang et al. propose a watermarking approach to protect the intellectual property of deep neural network models. Here, the watermarking concept is generalized from multimedia; specifically, the purpose of a watermark is to uniquely identify a neural network model as the original owner’s property to avoid plagiarism. The problem is illustrated in Figure 1. As watermarks, the authors consider perturbed input images. During training, these perturbations are trained to produce very specific outputs, as illustrated in Figure 2. For example, random pixels are added, or text is added to images. After training, the model can be uniquely identified by these perturbed watermark images that are unrelated to the actual task. https://i.imgur.com/TydqBwo.png Figure 1: Illustration of the problem setting for watermarking. https://i.imgur.com/5Zlei0z.png Figure 2: Example watermarks. Also find this summary at [davidstutz.de](https://davidstutz.de/category/reading/).
doi.org
sci-hub
scholar.google.com
Protecting Intellectual Property of Deep Neural Networks with Watermarking
Zhang, Jialong and Gu, Zhongshu and Jang, Jiyong and Wu, Hui and Stoecklin, Marc Ph. and Huang, Heqing and Molloy, Ian
ACM AsiaCCS - 2018 via Local Bibsonomy
Keywords: dblp




ShortScience.org allows researchers to publish paper summaries that are voted on and ranked!
About

Sponsored by: and