A dual-verification model watermarking scheme based on certification files

Abstract

Abstract: With the integration of edge computing frameworks and federated learning protocols, an increasing number of copyright protection methods for deep learning models have been proposed. However, solely verifying ownership from the senders perspective does not provide assistance to the receiver. Numerous studies have indicated that in client-edge-cloud federated learning systems, malicious users attempt to gain access to public models without contributing or even poison the public models. Therefore, it is necessary to provide a model ownership verification scheme for the receiver. Building upon existing neural network watermarking schemes, this paper proposes a dual-verification model watermarking scheme based on certification files. It introduces a certification file generation step and implements dual ownership verification of the model through adjustments in the model structure. The feasibility, robustness, and improvement in watermark embedding rate of the scheme are verified through experiments.

Key words: edge computing, federated learning, deep neural network, model copyright protection, digital watermarking

WU Xia, ZHENG Hong-ying, XIAO Di. A dual-verification model watermarking scheme based on certification files[J]. Computer Engineering & Science, 2024, 46(04): 647-656.

References ［23］

［1］	Asikuzzaman M,Pickering M R.An overview of digital video watermarking ［J］.IEEE Transactions on Circuits and Systems for Video Technology,2018,28(9):2131-2153.
［2］	Liu L,Zhang J,Song S H,et al.Client-edge-cloud hierarchical federated learning［C］∥Proc of the IEEE International Conference on Communications,2020:1-6.
［3］	McMahan B H, Moore E,Ramage D,et al.Federated learning of deep networks using model averaging［J］. arXiv:1602.05629,2016.
［4］	Lim W Y B, Luong N C, Hoang D T,et al.Federated learning in mobile edge networks:A comprehensive survey［J］.IEEE Communications Surveys & Tutorials,2020,22(3):2031-2063.
［5］	Zhao M C,An B,Gao W,et al.Efficient label contamination attacks against black-box learning models［C］∥Proc of the 26th International Joint Conference on Artificial Intelligence,2017:3945-3951.
［6］	Fan L,Ng K W,Chan C S,et al.DeepIPR:Deep neural network ownership verification with passports ［J］.IEEE Trans- actions on Pattern Analysis and Machine Intelligence,2022,44(10):6122-6139.
［7］	Chen H,Rouhani B D,Fu C,et al.DeepMarks:A secure fingerprinting framework for digital rights management of deep learning models［C］∥Proc of the International Conference on Multimedia Retrieval,2019:105-113.
［8］	Zhang J L,Gu Z S,Jang J Y,et al.Protecting intellectual property of deep neural networks with watermarking［C］∥Proc of the 2018 Asia Conference on Computer and Communications Security,2018:159-172.
［9］	Uchida Y, Nagai Y,Sakazawa S,et al.Embedding watermarks into deep neural networks［C］∥Proc of the ACM International Conference on Multimedia Retrieval,2017:269-277.
［10］	Rouhani B D,Chen H L,Koushanfar F.DeepSigns:A generic watermarking framework for IP protection of deep learning models［C］∥Proc of the 24th International Conference on Architectural Support for Programming Languages and Operating Systems,2019:485-497.
［11］	Adi Y,Baum C,Cisse M,et al.Turning your weakness into a strength:Watermarking deep neural networks by backdooring［C］∥Proc of the 27th USENIX Conference on Security Symposium,2018:1615-1631.
［12］	Guo J, Potkonjak M.Watermarking deep neural networks for embedded systems［C］∥Proc of the 2018 IEEE/ACM International Conference on Computer-Aided Design,2018:1-8.
［13］	Shafieinejad M,Wang J,Lukas N,et al.On the robustness of the backdoor-based watermarking in deep neural networks［C］∥Proc of the 2021 ACM Workshop on Information Hiding and Multimedia Security,2021:177-188.
［14］	Le Merrer E,Perez P,Trédan G.Adversarial frontier stit- ching for remote neural network watermarking ［J］.Neural Computing and Applications,2019,32:9233-9244.
［15］	Zhang J,Chen D D,Liao J,et al.Passport-aware normalization for deep model protection［C］∥Proc of the 34th International Confe- rence on Neural Information Processing Systems,2020:22619-22628.
［16］	Xu X R,Li Y Q,Yuan C.“Identity bracelets” for deep neural networks ［J］.IEEE Access,2020,8:102065-102074.
［17］	Xu P F,Zhang X F,Hao C.AutoDNNchip:An automated DNN chip predictor and builder for both FPGAs and ASICs［C］∥Proc of the 2020 ACM/SIGDA International Symposium on Field-Programmable Gate Arrays,2020:40-50.
［18］	Lin N,Chen X M,Xia C W,et al.ChaoPIM:A PIM-based protection framework for DNN accelerators using chaotic encryption［C］∥Proc of the 2021 IEEE 30th Asian Test Symposium,2021:1-6.
［19］	Yang Q,Liu Y,Chen T,et al.Federated machine learning:Concept and applications ［J］.ACM Transactions on Intelligent Systems and Technology,2019,10(2):1-19.
［20］	Li F Q,Wang S L,Liew A W C.Regulating ownership verification for deep neural networks:Scenarios,protocols,and prospects［J］. arXiv:2018.09065,2021.
［21］	Atli B G,Xia Y X,Marchal S,et al.WAFFLE:Watermarking in federated learning［C］∥Proc of the 40th International Symposium on Reliable Distributed Systems,2021:310-320.
［22］	Li B W,Fan L X,Gu H L,et al.FedIPR:Ownership verification for federated deep neural network models ［J］.IEEE Transactions on Pattern Analysis and Machine Intelligence,2022,45(4):4521-4536.
［23］	McMahan B,Moore E,Ramage D,et al.Communication efficient learning of deep networks from decentralized data ［C］∥Proc of the 20th International Conference on Artificial Intelligence and Statistics,2017:1273-1282.

[1]	LI Lei, ZHENG Li-ming, WANG Hong-yi, CHAI Yong-yi, LIU Pei-guo. A 6H parallel computing architecture for edge computing [J]. Computer Engineering & Science, 2023, 45(09): 1544-1552.
[2]	XIA Ge-ming, YU Chao-dong, CHEN Jian. Trust problems in edge computing:Challenges and reviews [J]. Computer Engineering & Science, 2023, 45(08): 1393-1404.
[3]	CAO Jian, CHEN Yi-mei, LI Hai-sheng, CAI Qiang, . A survey of pedestrian trajectory prediction based on graph neural network [J]. Computer Engineering & Science, 2023, 45(06): 1040-1053.
[4]	CHEN Xin-hai, LIU Jie, WAN Qian, GONG Chun-ye, . An improved method for solving partial differential equations using deep neural networks [J]. Computer Engineering & Science, 2022, 44(11): 1932-1940.
[5]	MA Ming-yuan, LI Hu, WANG Zi-bin, KUANG Xiao-hui. A survey of backdoor implantation and detection techniques on deep neural network model [J]. Computer Engineering & Science, 2022, 44(11): 1959-1968.
[6]	ZHANG Kai-sheng, ZHAO Xiao-fen. Robust speech recognition based on adaptive deep neural network in complex environment [J]. Computer Engineering & Science, 2022, 44(06): 1105-1113.
[7]	JIAN Jie, LUO Zhang, LAI Ming-che, XIAO Li-quan, XU Wei-xia. An adaptive high-speed channel equalizer based on deep neural network [J]. Computer Engineering & Science, 2022, 44(04): 605-610.
[8]	DU Peng, LI Chao, SHI Jian-ping, JIANG Lin. A deep neural network model compression method based on Adams shortcut connection [J]. Computer Engineering & Science, 2021, 43(11): 2043-2048.
[9]	. A federated ensemble algorithm for multi-source data security [J]. Computer Engineering & Science, 2021, 43(08): 1387-1397.
[10]	HE Jing, LI Jin-wen, YANG An-yi. High speed channel modeling based on machine learning [J]. Computer Engineering & Science, 2021, 43(06): 984-988.
[11]	ZHANG Li-zhi, RAN Zhe-jiang, LAI Zhi-quan, LIU Feng. Performance analysis of distributed deep learning communication architecture [J]. Computer Engineering & Science, 2021, 43(03): 416-425.
[12]	TANG Zuo-dong,GONG Xiao-feng,LUO Rui-sen. A signal modulation recognition method based on wavelet feature and depth neural network [J]. Computer Engineering & Science, 2020, 42(05): 902-909.

A dual-verification model watermarking scheme based on certification files

PDF

Knowledge

Abstract

Cite this article

share this article

References ［23］

Related Articles 12

Recommended Articles

Metrics

Comments