一种基于认证文件的双方验证模型水印方案

计算机工程与科学 ›› 2024, Vol. 46 ›› Issue (04): 647-656.

• 计算机网络与信息安全 • 上一篇下一篇

一种基于认证文件的双方验证模型水印方案

吴瑕,郑洪英,肖迪

(重庆大学计算机学院，重庆 401331)

收稿日期:2023-11-14 修回日期:2023-12-29 接受日期:2024-04-25 出版日期:2024-04-25 发布日期:2024-04-18
基金资助:
国家自然科学基金(62072063)

A dual-verification model watermarking scheme based on certification files

WU Xia,ZHENG Hong-ying,XIAO Di

(College of Computer Science,Chongqing University,Chongqing 401331,China)

Received:2023-11-14 Revised:2023-12-29 Accepted:2024-04-25 Online:2024-04-25 Published:2024-04-18

摘要/Abstract

摘要： 随着边缘计算框架和联邦学习协议的结合，越来越多的深度学习模型版权保护工作被提出，但仅从发送方角度进行所有权验证，无法为接收方提供帮助。大量研究指出，在端-边-云联邦学习系统中，存在恶意用户试图无贡献获取公共模型，甚至向公共模型投毒，为此，有必要给接收方提供模型所有权验证方案。该研究在现有神经网络水印方案的基础上，提出了一种基于认证文件的双方验证模型水印方案，添加了认证文件生成步骤，并以模型结构调整实现双方对模型的所有权验证。通过实验验证了所提方案的可行性、鲁棒性以及获得的水印嵌入速度提升。

关键词: 边缘计算, 联邦学习, 深度神经网络, 模型版权保护, 数字水印

Abstract: With the integration of edge computing frameworks and federated learning protocols, an increasing number of copyright protection methods for deep learning models have been proposed. However, solely verifying ownership from the senders perspective does not provide assistance to the receiver. Numerous studies have indicated that in client-edge-cloud federated learning systems, malicious users attempt to gain access to public models without contributing or even poison the public models. Therefore, it is necessary to provide a model ownership verification scheme for the receiver. Building upon existing neural network watermarking schemes, this paper proposes a dual-verification model watermarking scheme based on certification files. It introduces a certification file generation step and implements dual ownership verification of the model through adjustments in the model structure. The feasibility, robustness, and improvement in watermark embedding rate of the scheme are verified through experiments.

Key words: edge computing, federated learning, deep neural network, model copyright protection, digital watermarking

吴瑕, 郑洪英, 肖迪. 一种基于认证文件的双方验证模型水印方案[J]. 计算机工程与科学, 2024, 46(04): 647-656.

WU Xia, ZHENG Hong-ying, XIAO Di. A dual-verification model watermarking scheme based on certification files[J]. Computer Engineering & Science, 2024, 46(04): 647-656.

参考文献［23］

［1］	Asikuzzaman M,Pickering M R.An overview of digital video watermarking ［J］.IEEE Transactions on Circuits and Systems for Video Technology,2018,28(9):2131-2153.
［2］	Liu L,Zhang J,Song S H,et al.Client-edge-cloud hierarchical federated learning［C］∥Proc of the IEEE International Conference on Communications,2020:1-6.
［3］	McMahan B H, Moore E,Ramage D,et al.Federated learning of deep networks using model averaging［J］. arXiv:1602.05629,2016.
［4］	Lim W Y B, Luong N C, Hoang D T,et al.Federated learning in mobile edge networks:A comprehensive survey［J］.IEEE Communications Surveys & Tutorials,2020,22(3):2031-2063.
［5］	Zhao M C,An B,Gao W,et al.Efficient label contamination attacks against black-box learning models［C］∥Proc of the 26th International Joint Conference on Artificial Intelligence,2017:3945-3951.
［6］	Fan L,Ng K W,Chan C S,et al.DeepIPR:Deep neural network ownership verification with passports ［J］.IEEE Trans- actions on Pattern Analysis and Machine Intelligence,2022,44(10):6122-6139.
［7］	Chen H,Rouhani B D,Fu C,et al.DeepMarks:A secure fingerprinting framework for digital rights management of deep learning models［C］∥Proc of the International Conference on Multimedia Retrieval,2019:105-113.
［8］	Zhang J L,Gu Z S,Jang J Y,et al.Protecting intellectual property of deep neural networks with watermarking［C］∥Proc of the 2018 Asia Conference on Computer and Communications Security,2018:159-172.
［9］	Uchida Y, Nagai Y,Sakazawa S,et al.Embedding watermarks into deep neural networks［C］∥Proc of the ACM International Conference on Multimedia Retrieval,2017:269-277.
［10］	Rouhani B D,Chen H L,Koushanfar F.DeepSigns:A generic watermarking framework for IP protection of deep learning models［C］∥Proc of the 24th International Conference on Architectural Support for Programming Languages and Operating Systems,2019:485-497.
［11］	Adi Y,Baum C,Cisse M,et al.Turning your weakness into a strength:Watermarking deep neural networks by backdooring［C］∥Proc of the 27th USENIX Conference on Security Symposium,2018:1615-1631.
［12］	Guo J, Potkonjak M.Watermarking deep neural networks for embedded systems［C］∥Proc of the 2018 IEEE/ACM International Conference on Computer-Aided Design,2018:1-8.
［13］	Shafieinejad M,Wang J,Lukas N,et al.On the robustness of the backdoor-based watermarking in deep neural networks［C］∥Proc of the 2021 ACM Workshop on Information Hiding and Multimedia Security,2021:177-188.
［14］	Le Merrer E,Perez P,Trédan G.Adversarial frontier stit- ching for remote neural network watermarking ［J］.Neural Computing and Applications,2019,32:9233-9244.
［15］	Zhang J,Chen D D,Liao J,et al.Passport-aware normalization for deep model protection［C］∥Proc of the 34th International Confe- rence on Neural Information Processing Systems,2020:22619-22628.
［16］	Xu X R,Li Y Q,Yuan C.“Identity bracelets” for deep neural networks ［J］.IEEE Access,2020,8:102065-102074.
［17］	Xu P F,Zhang X F,Hao C.AutoDNNchip:An automated DNN chip predictor and builder for both FPGAs and ASICs［C］∥Proc of the 2020 ACM/SIGDA International Symposium on Field-Programmable Gate Arrays,2020:40-50.
［18］	Lin N,Chen X M,Xia C W,et al.ChaoPIM:A PIM-based protection framework for DNN accelerators using chaotic encryption［C］∥Proc of the 2021 IEEE 30th Asian Test Symposium,2021:1-6.
［19］	Yang Q,Liu Y,Chen T,et al.Federated machine learning:Concept and applications ［J］.ACM Transactions on Intelligent Systems and Technology,2019,10(2):1-19.
［20］	Li F Q,Wang S L,Liew A W C.Regulating ownership verification for deep neural networks:Scenarios,protocols,and prospects［J］. arXiv:2018.09065,2021.
［21］	Atli B G,Xia Y X,Marchal S,et al.WAFFLE:Watermarking in federated learning［C］∥Proc of the 40th International Symposium on Reliable Distributed Systems,2021:310-320.
［22］	Li B W,Fan L X,Gu H L,et al.FedIPR:Ownership verification for federated deep neural network models ［J］.IEEE Transactions on Pattern Analysis and Machine Intelligence,2022,45(4):4521-4536.
［23］	McMahan B,Moore E,Ramage D,et al.Communication efficient learning of deep networks from decentralized data ［C］∥Proc of the 20th International Conference on Artificial Intelligence and Statistics,2017:1273-1282.

[1]	李磊, 郑黎明, 王宏义, 柴永毅, 刘培国. 适用于边缘计算的6H并行计算架构[J]. 计算机工程与科学, 2023, 45(09): 1544-1552.
[2]	夏戈明, 虞朝栋, 陈健. 边缘计算中的信任问题：挑战与评论[J]. 计算机工程与科学, 2023, 45(08): 1393-1404.
[3]	曹健, 陈怡梅, 李海生, 蔡强, . 基于图神经网络的行人轨迹预测研究综述[J]. 计算机工程与科学, 2023, 45(06): 1040-1053.
[4]	马铭苑, 李虎, 王梓斌, 况晓辉. 深度神经网络模型后门植入与检测技术研究综述[J]. 计算机工程与科学, 2022, 44(11): 1959-1968.
[5]	张开生, 赵小芬. 复杂环境下基于自适应深度神经网络的鲁棒语音识别[J]. 计算机工程与科学, 2022, 44(06): 1105-1113.
[6]	翦杰, 罗章, 赖明澈, 肖立权, 徐炜遐. 基于深度神经网络的高速信道自适应均衡器[J]. 计算机工程与科学, 2022, 44(04): 605-610.
[7]	杜鹏, 李超, 石剑平, 姜麟. 基于阿当姆斯捷径连接的深度神经网络模型压缩方法[J]. 计算机工程与科学, 2021, 43(11): 2043-2048.
[8]	罗长银, 陈学斌, 刘洋, 张淑芬, . 基于联邦集成算法对多源数据安全性的研究[J]. 计算机工程与科学, 2021, 43(08): 1387-1397.
[9]	张立志, 冉浙江, 赖志权, 刘锋. 分布式深度学习通信架构的性能分析[J]. 计算机工程与科学, 2021, 43(03): 416-425.
[10]	唐作栋，龚晓峰，雒瑞森. 一种小波特征与深度神经网络结合的信号制式识别算法[J]. 计算机工程与科学, 2020, 42(05): 902-909.

一种基于认证文件的双方验证模型水印方案

A dual-verification model watermarking scheme based on certification files

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献［23］

相关文章 10

编辑推荐

Metrics

本文评价

一种基于认证文件的双方验证模型水印方案

A dual-verification model watermarking scheme based on certification files

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献 ［23］

相关文章 10

编辑推荐

Metrics

本文评价

参考文献［23］