Mixer: DNN Watermarking using Image Mixup
Kassem Kallas, Teddy Furon

TL;DR
This paper introduces a DNN watermarking method that uses image Mixup to generate an unbounded set of trigger samples, improving security and robustness without degrading primary-task accuracy.
Contribution
It presents a lightweight, reliable watermarking approach that ties the watermark triggers to the primary task through image Mixup, offering improved security and robustness over existing methods.
Findings
Triggers are generated by Mixup from training or testing samples, so the trigger set is not limited to the samples used when the watermark was embedded
Experiments on image classification models across several datasets, under a variety of attacks, show an adequate level of security and robustness
Primary-task accuracy is maintained
Abstract
It is crucial to protect the intellectual property rights of DNN models prior to their deployment. The DNN should perform two main tasks: its primary task and the watermarking task. This paper proposes a lightweight, reliable, and secure DNN watermarking scheme that attempts to establish strong ties between these two tasks. The samples triggering the watermarking task are generated using image Mixup, either from training or from testing samples. This means that there is an unbounded set of triggers, not limited to the samples used to embed the watermark in the model at training time. Extensive experiments on image classification models for different datasets, exposing them to a variety of attacks, show that the proposed watermarking provides protection with an adequate level of security and robustness.
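The abstract's central point is that Mixup turns a finite image pool into an unbounded trigger supply, so a verifier can always query a suspect model with triggers that were never seen at training time. The following is an added example, not code from the paper or its authors: it implements standard image Mixup, a seeded generator of fresh triggers, and a black-box verification step that counts agreements and bounds the probability that an unrelated model agrees by chance. The rule mapping a trigger to its expected watermark label (`expected_label`, here the class of the dominant source image) is an assumption for illustration; the paper's own rule is not given on this page, and the "watermarked model" in the usage section is a constructed lookup stand-in, not a trained network.

```python
"""Added example (not the paper's code): an unbounded supply of Mixup triggers
from a finite image pool, plus a black-box watermark check that queries a model
on fresh triggers and bounds the chance of random agreement. The label rule for
a trigger is an assumption supplied by the caller."""
import numpy as np
from math import comb


def mixup(x_i, x_j, lam):
    """Standard image Mixup: lam * x_i + (1 - lam) * x_j, pixelwise."""
    x_i = np.asarray(x_i, dtype=np.float64)
    x_j = np.asarray(x_j, dtype=np.float64)
    if x_i.shape != x_j.shape:
        raise ValueError("mixup inputs must have identical shape")
    if not 0.0 <= lam <= 1.0:
        raise ValueError("mixing coefficient must lie in [0, 1]")
    return lam * x_i + (1.0 - lam) * x_j


def trigger_stream(pool, seed, alpha=1.0):
    """Endless generator of Mixup triggers drawn from a finite pool.

    Each item is (i, j, lam, image): the two source indices, a Beta(alpha, alpha)
    mixing coefficient and the resulting image. Because (i, j, lam) is drawn
    afresh every time, the trigger set is not bounded by the pool size, and a
    verifier holding the seed regenerates exactly the same sequence without
    storing any trigger image.
    """
    rng = np.random.default_rng(seed)
    n = len(pool)
    if n < 2:
        raise ValueError("need at least two images to mix")
    while True:
        i, j = (int(v) for v in rng.choice(n, size=2, replace=False))
        lam = float(rng.beta(alpha, alpha))
        yield i, j, lam, mixup(pool[i], pool[j], lam)


def random_agreement_pvalue(matches, n, p):
    """P[X >= matches] for X ~ Binomial(n, p): the probability that a model with
    no knowledge of the watermark agrees with at least `matches` of n trigger
    labels by chance (p = 1 / num_classes for uniform guessing)."""
    return sum(comb(n, k) * p ** k * (1.0 - p) ** (n - k)
               for k in range(matches, n + 1))


def verify(predict, expected_label, pool, n_triggers, num_classes, seed, alpha=1.0):
    """Query `predict(image) -> class` on n_triggers fresh triggers and count
    agreements with `expected_label(i, j, lam)`, a caller-supplied rule (an
    assumption of this example). Returns (matches, p-value under random agreement)."""
    stream = trigger_stream(pool, seed, alpha)
    matches = 0
    for _ in range(n_triggers):
        i, j, lam, x = next(stream)
        if predict(x) == expected_label(i, j, lam):
            matches += 1
    return matches, random_agreement_pvalue(matches, n_triggers, 1.0 / num_classes)


if __name__ == "__main__":
    # Constructed data: 8 random 4x4 grey images with labels in 0..4.
    rng = np.random.default_rng(0)
    pool = [rng.random((4, 4)) for _ in range(8)]
    labels = [k % 5 for k in range(8)]

    # Hypothetical label rule: a trigger takes the class of its dominant source.
    def dominant_source(i, j, lam):
        return labels[i] if lam >= 0.5 else labels[j]

    # Stand-in for a watermarked model: a lookup built from the same seed.
    seed = 1234
    key = {x.tobytes(): dominant_source(i, j, lam)
           for _, (i, j, lam, x) in zip(range(40), trigger_stream(pool, seed))}
    m, pv = verify(lambda x: key[x.tobytes()], dominant_source, pool, 40, 5, seed)
    print(f"watermarked stand-in: {m}/40 matches, p-value {pv:.2e}")
    m, pv = verify(lambda x: 0, dominant_source, pool, 40, 5, seed)
    print(f"constant-class model: {m}/40 matches, p-value {pv:.2e}")
```

The security-relevant detail is in `trigger_stream`: the verifier keeps only the pool and a seed, and every verification can use a seed never used before, so an adversary who observes one verification session learns nothing about the triggers used in the next. The p-value gives the practitioner a principled acceptance threshold instead of an arbitrary match percentage; with K classes and n triggers, even a model that happened to output the right class on every query by chance would do so with probability K^-n.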
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Digital Media Forensic Detection · Generative Adversarial Networks and Image Synthesis
Methods: Mixup
