Copyright protection of open-sourced datasets based on invisible backdoor watermarking

Abstract

Abstract: To address the copyright protection issue in the field of image classification datasets, a traceable method based on invisible backdoor watermarking, named IBWOD, is proposed. This method ensures the watermark’s strong concealment while maintaining good usability and effectiveness. Firstly, an encoder-decoder network is used to embed the backdoor watermark into selected samples, generating watermark samples. Secondly, the labels of these watermark samples are modified to specified labels, and then the watermark samples are merged with unmodified samples to form a watermark dataset. Models trained using this watermark dataset will leave a specific backdoor, i.e., a mapping relationship from the backdoor watermark to the specified labels. Finally, a corresponding model verification algorithm is proposed, based on this special mapping relationship, to verify if a suspicious model has used the watermark dataset. Experimental results demonstrate that IBWOD can effectively verify whether a model has used the watermark dataset and possesses strong concealment.

Key words: open-sourced dataset, copyright protection, backdoor watermarking, machine learning, image classification

HUANG Zhi-hui, XIAO Xiang-li, ZHANG Yu-shu, XUE Ming-fu. Copyright protection of open-sourced datasets based on invisible backdoor watermarking[J]. Computer Engineering & Science, 2024, 46(06): 1013-1021.

References ［29］

［1］	Young T,Hazarika D,Poria S,et al.Recent trends in deep learning based natural language processing［J］.IEEE Computational Intelligence Magazine,2018,13(3):55-75.
［2］	陈海涵,吴国栋,李景霞,等.基于注意力机制的深度学习推荐研究进展［J］.计算机工程与科学,2021,43(2):370-380.
	Chen Hai-han,Wu Guo-dong,Li Jing-xia,et al.Research advances on deep learning recommendation based on attention mechanism［J］.Computer Engineering & Science,2021,43(2):370-380.
［3］	Hassaballah M,Awad A I.Deep learning in computer vision:Principles and applications［M］.Boca Raton:CRC Press,2020.
［4］	赵宝康,李晋文,杨帆,等.一种基于深度学习的遥感图像目标检测算法［J］.计算机工程与科学,2019,41(12):2166-2172.
	Zhao Bao-kang,Li Jin-wen,Yang Fan,et al.A deep learning based object detection algorithm for remote sensing images［J］.Computer Engineering & Science,2019,41(12):2166-2172.
［5］	Zhang J,Gu Z,Jang J,et al.Protecting intellectual property of deep neural networks with watermarking［C］∥Proc of the 2018 Asia Conference on Computer and Communications Security,2018:159-172.
［6］	Cao X,Jia J,Gong N.IPGuard:Protecting intellectual property of deep neural networks via fingerprinting the classification boundary［C］∥Proc of the 2021 Asia Conference on Computer and Communications Security,2021:14-25.
［7］	Xue M,Zhang Y,Wang J,et al.Intellectual property protection for deep learning models:Taxonomy,methods,attacks,and evaluations ［J］.IEEE Transactions on Artificial Intelligence,2021,3(6):908-923.
［8］	Wong C,Li J,Fu W,et al.(α,k)-Anonymity:An enhanced k-anonymity model for privacy-preserving data publishing［C］∥Proc of the 12th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining,2006:754-759.
［9］	Sei Y,Okumura H,Takenouchi T,et al.Anonymization of sensitive quasi-identifiers for l-diversity and t-closeness［J］.IEEE Transactions on Dependable and Secure Computing,2019,16(4):580-593.
［10］	Chen L,Lee W,Chang C,et al.Blockchain based searchable encryption for electronic health record sharing［J］.Future Generation Computer Systems,2019,95(1):420-429.
［11］	Li J,Yu Q,Zhang Y.Hierarchical attribute based encryption with continuous leakage-resilience［J］.Information Sciences,2019,484:113-134.
［12］	佘晓萌,杜洋,马文静,等.基于像素预测和块标记的图像密文可逆信息隐藏［J］.计算机研究与发展,2022,59(9):2089-2100.
	She Xiao-meng,Du Yang,Ma Wen-jing,et al.Reversible data hiding in encrypted images based on pixel prediction and block labeling［J］.Journal of Computer Research and Deve- lopment,2022,59(9):2089-2100.
［13］	Hoang M D.Dataset watermarking［D］.Helsinki:Aalto University,2021.
［14］	项世军,罗欣荣,石书协.一种同态加密域图像可逆水印算法［J］.计算机学报,2016,39(3):571-581.
	Xiang Shi-jun,Luo Xin-rong,Shi Shu-xie.A novel reversible image watermarking algorithm in homomorphic encrypted domain［J］.Chinese Journal of Computers,2016,39(3):571-581.
［15］	Li Y,Zhang Z,Bai J,et al.Open-sourced dataset protection via backdoor watermarking［J］.arXiv:2010.05821,2020.
［16］	Gu T,Liu K,Dolan-Gavitt B,et al.BadNets:Evaluating backdooring attacks on deep neural networks［J］.IEEE Access,2019,7:47230-47244.
［17］	Chen X,Liu C,Li B,et al.Targeted backdoor attacks on deep learning systems using data poisoning［J］.arXiv:1712.05526,2017.
［18］	Li Y,Li Y,Wu B,et al.Invisible backdoor attack with sample- specific triggers［J］.arXiv:2012.03816,2021.
［19］	Liu G,Xu T,Ma X,et al.Your model trains on my data? Protecting intellectual property of training data via membership fingerprint authentication［J］.IEEE Transactions on Information Forensics and Security,2022,17(1):1024-1037.
［20］	Li Y,Liu P,Jiang Y,et al.Visual privacy protection via mapping distortion［C］∥Proc of 2021 IEEE International Conference on Acoustics,Speech and Signal Processing,2021:3740-3744.
［21］	Chen K,Zeng X,Ying Q,et al.Invertible image dataset protection［J］.arXiv:2112.14420,2021.
［22］	Zhao M,Wang B,Wang W,et al.Guided erasable adversarial attack (GEAA) towards shared data protection［J］.IEEE Transactions on Information Forensics and Security,2022,17(1):2468-2482.
［23］	冯乐,朱仁杰,吴汉舟,等.神经网络水印综述［J］.应用科学学报,2021,39(6):881-892.
	Feng Le,Zhu Ren-jie,Wu Han-zhou,et al.Survey of neural network watermarking［J］.Journal of Applied Sciences,2021,39(6):881-892.
［24］	Zhang J,Chen D,Liao J,et al.Model watermarking for image processing networks［C］∥Proc of the 34th AAAI Conference on Artificial Intelligence,2020:12805-12812.
［25］	Renneberger O, Fischer P,Brox T.U-Net:Convolutional networks for biomedical image segmentation［C］∥Proc of the 18th International Conference on Medical Image Computing and Computer-Assisted Intervention,2015:234-241.
［26］	Fan Q,Yang J,Hua G,et al.A generic deep architecture for single image reflection removal and image smoothing［C］∥Proc of 2017 IEEE International Conference on Computer Vision,2017:3238-3247.
［27］	Isola P, Zhu J,Zhou T,et al.Image-to-image translation with conditional adversarial networks［C］∥Proc of 2016 IEEE Conference on Computer Vision and Pattern Recognition,2016:1125-1134.
［28］	Deng J,Dong W,Socher R,et al.ImageNet:A large-scale hier- archical image database［C］∥Proc of 2009 IEEE Conference on Computer Vision and Pattern Recognition,2009:248-255.
［29］	Everingham M, van Gool L,Williams C K I,et al.The PASCAL visual object classes (VOC) challenge［J］.International Journal of Computer Vision,2010,88(2):303-338.

[1]	WU Xia, ZHENG Hong-ying, XIAO Di. A dual-verification model watermarking scheme based on certification files [J]. Computer Engineering & Science, 2024, 46(04): 647-656.
[2]	GAO Shan, LI Shi-jie, CAI Zhi-ping. A survey of Chinese text classification based on deep learning [J]. Computer Engineering & Science, 2024, 46(04): 684-692.
[3]	HUANG Peng-cheng, FENG Chao-chao, MA Chi-yuan, . Machine learning prediction of timing violation under unknown corners [J]. Computer Engineering & Science, 2024, 46(03): 395-399.
[4]	LI Yang, YIN Da-peng, MA Zi-qiang , YAO Zi-hao, WEI Liang-gen, . Cache side-channel attack detection combining decision tree and AdaBoost [J]. Computer Engineering & Science, 2024, 46(03): 440-452.
[5]	PENG Chang, LIU Qing-zhi, CHEN Chang-bo, . Loop permutation and auto-tuning under polyhedral model [J]. Computer Engineering & Science, 2023, 45(12): 2121-2134.
[6]	ZHAO Zhen-yu, YANG Tian-hao, JIANG Wen-cheng, ZHANG Shu-zheng. A machine learning-based fast calculation method of multi-voltage, multi-temperature and multi-parameter standard cell delay [J]. Computer Engineering & Science, 2023, 45(08): 1331-1338.
[7]	LI Xiao-ling, FANG Jian-bin, MA Jun, TAN Shuang, TAN Yu-song. Automated task allocation of sparse matrix computation based on supervised learning [J]. Computer Engineering & Science, 2023, 45(05): 782-789.
[8]	HU Yan-fang, XIONG Wen, GAO Wei. An online game user churn prediction method based on Spark platform [J]. Computer Engineering & Science, 2022, 44(10): 1730-1737.
[9]	TANG Yang-kun, XIAN Gang, YANG Wen-xiang, YU Jie, ZHANG Xiao-rong, WANG Yao-bin. Job failure prediction based on user behavior on supercomputers [J]. Computer Engineering & Science, 2022, 44(10): 1753-1761.
[10]	CHU Yang, XU Wen-long. Review of early classification of Alzheimers disease based on computer-aided diagnosis technology [J]. Computer Engineering & Science, 2022, 44(05): 879-893.
[11]	CUI Hong, ZHAO Shuang, ZHANG Guang-sheng, SU Jin-shu. A mobile proxy application traffic identification method based on machine learning [J]. Computer Engineering & Science, 2022, 44(04): 654-664.
[12]	LIU Guo-qiang, ZHAO Zhen-yu, ZHAO Chen-yu, HAN Ao, YANG Tian-hao. A PCB routing resistance calculation method based on machine learning [J]. Computer Engineering & Science, 2022, 44(03): 396-402.
[13]	LI Wen-li. Network rumor recognition based on naive Bayesian classification [J]. Computer Engineering & Science, 2022, 44(03): 495-501.
[14]	CAO Liang-lin, BEN Ke-rong, ZHANG Xian. A surrogate-assisted multi-objective firefly algorithm for software defect prediction [J]. Computer Engineering & Science, 2022, 44(02): 257-265.
[15]	ZHANG Jia-hao, DENG Ke-feng, NIE Teng-fei, REN Kai-jun, SONG Jun-qiang. Overview on ocean mesoscale eddy detection and identification based on machine learning [J]. Computer Engineering & Science, 2021, 43(12): 2115-2125.

Copyright protection of open-sourced datasets based on invisible backdoor watermarking

PDF

Knowledge

Abstract

Cite this article

share this article

References ［29］

Related Articles 15

Recommended Articles

Metrics

Comments