Piracy-Resistant DNN Watermarking by Block-Wise Image Transformation with Secret Key

TL;DR

This paper introduces a novel DNN watermarking technique using learnable image transformations with a secret key, providing piracy resistance and robustness against attacks without needing special training sets.

Contribution

It presents a new watermarking method that embeds watermarks via learnable transformations, resisting overwriting and maintaining accuracy even after model modifications.

Findings

Resilient against fine-tuning and pruning attacks

Maintains high watermark detection accuracy

Does not require special training or trigger sets

Abstract

In this paper, we propose a novel DNN watermarking method that utilizes a learnable image transformation method with a secret key. The proposed method embeds a watermark pattern in a model by using learnable transformed images and allows us to remotely verify the ownership of the model. As a result, it is piracy-resistant, so the original watermark cannot be overwritten by a pirated watermark, and adding a new watermark decreases the model accuracy unlike most of the existing DNN watermarking methods. In addition, it does not require a special pre-defined training set or trigger set. We empirically evaluated the proposed method on the CIFAR-10 dataset. The results show that it was resilient against fine-tuning and pruning attacks while maintaining a high watermark-detection accuracy.