Deep Intellectual Property Protection: A Survey

TL;DR

This survey comprehensively reviews deep neural network intellectual property protection methods, focusing on deep watermarking and fingerprinting, analyzing over 190 contributions to identify challenges, metrics, and future directions.

Contribution

It provides the first extensive taxonomy and analysis of DNN IP protection techniques, summarizing recent research and proposing future research directions.

Findings

Deep watermarking and fingerprinting are the main IP protection methods.

Over 190 research contributions are analyzed in the survey.

The survey highlights challenges and promising future research directions.

Abstract

Deep Neural Networks (DNNs), from AlexNet to ResNet to ChatGPT, have made revolutionary progress in recent years, and are widely used in various fields. The high performance of DNNs requires a huge amount of high-quality data, expensive computing hardware, and excellent DNN architectures that are costly to obtain. Therefore, trained DNNs are becoming valuable assets and must be considered the Intellectual Property (IP) of the legitimate owner who created them, in order to protect trained DNN models from illegal reproduction, stealing, redistribution, or abuse. Although being a new emerging and interdisciplinary field, numerous DNN model IP protection methods have been proposed. Given this period of rapid evolution, the goal of this paper is to provide a comprehensive survey of two mainstream DNN IP protection methods: deep watermarking and deep fingerprinting, with a proposed taxonomy. More than 190 research contributions are included in this survey, covering many aspects of Deep IP Protection: problem definition, main threats and challenges, merits and demerits of deep watermarking and deep fingerprinting methods, evaluation metrics, and performance discussion. We finish the survey by identifying promising directions for future research.