Fingerprinting Image-to-Image Generative Adversarial Networks

TL;DR

This paper introduces a new fingerprinting scheme for image-to-image GANs that enhances ownership verification and robustness, addressing previous limitations in stealthiness and security.

Contribution

It proposes a composite deep learning model for embedding fingerprints into GANs, improving IP protection methods with theoretical guarantees and practical effectiveness.

Findings

Outperforms existing fingerprinting strategies in experiments

Ensures security requirements for IP protection are met

Provides a practical scheme for protecting modern image-to-image GANs

Abstract

Generative Adversarial Networks (GANs) have been widely used in various application scenarios. Since the production of a commercial GAN requires substantial computational and human resources, the copyright protection of GANs is urgently needed. This paper presents a novel fingerprinting scheme for the Intellectual Property (IP) protection of image-to-image GANs based on a trusted third party. We break through the stealthiness and robustness bottlenecks suffered by previous fingerprinting methods for classification models being naively transferred to GANs. Specifically, we innovatively construct a composite deep learning model from the target GAN and a classifier. Then we generate fingerprint samples from this composite model, and embed them in the classifier for effective ownership verification. This scheme inspires some concrete methodologies to practically protect the modern image-to-image translation GANs. Theoretical analysis proves that these methods can satisfy different security requirements necessary for IP protection. We also conduct extensive experiments to show that our solutions outperform existing strategies.