PCPT and ACPT: Copyright Protection and Traceability Scheme for DNN Models

TL;DR

This paper introduces PCPT and ACPT, innovative frameworks for copyright protection and traceability of DNN models, enhancing security and reducing false positives through watermarking, perceptual hashing, and strict authorization control.

Contribution

The paper presents novel passive and active protection schemes for DNN models that improve traceability accuracy and security over existing methods.

Findings

Reduces false-positive rate in traceability mechanisms.

Enhances authorization control for DNN model access.

Strengthens security against forgery attacks.

Abstract

Deep neural networks (DNNs) have achieved tremendous success in artificial intelligence (AI) fields. However, DNN models can be easily illegally copied, redistributed, or abused by criminals, seriously damaging the interests of model inventors. The copyright protection of DNN models by neural network watermarking has been studied, but the establishment of a traceability mechanism for determining the authorized users of a leaked model is a new problem driven by the demand for AI services. Because the existing traceability mechanisms are used for models without watermarks, a small number of false-positives are generated. Existing black-box active protection schemes have loose authorization control and are vulnerable to forgery attacks. Therefore, based on the idea of black-box neural network watermarking with the video framing and image perceptual hash algorithm, a passive copyright protection and traceability framework PCPT is proposed that uses an additional class of DNN models, improving the existing traceability mechanism that yields a small number of false-positives. Based on an authorization control strategy and image perceptual hash algorithm, a DNN model active copyright protection and traceability framework ACPT is proposed. This framework uses the authorization control center constructed by the detector and verifier. This approach realizes stricter authorization control, which establishes a strong connection between users and model owners, improves the framework security, and supports traceability verification.