What can Discriminator do? Towards Box-free Ownership Verification of Generative Adversarial Network

TL;DR

This paper introduces a novel, box-free method for verifying GAN ownership by leveraging the discriminator's ability to learn a unique distribution, providing robust protection against various attacks without relying on specific input queries.

Contribution

The paper proposes a new GAN ownership verification scheme that uses the discriminator to learn a unique hypersphere, enabling input-free, robust, and attack-resistant verification.

Findings

Effective verification across multiple GAN architectures

Immunity to input-based removal attacks

Robustness against existing verification attacks

Abstract

In recent decades, Generative Adversarial Network (GAN) and its variants have achieved unprecedented success in image synthesis. However, well-trained GANs are under the threat of illegal steal or leakage. The prior studies on remote ownership verification assume a black-box setting where the defender can query the suspicious model with specific inputs, which we identify is not enough for generation tasks. To this end, in this paper, we propose a novel IP protection scheme for GANs where ownership verification can be done by checking outputs only, without choosing the inputs (i.e., box-free setting). Specifically, we make use of the unexploited potential of the discriminator to learn a hypersphere that captures the unique distribution learned by the paired generator. Extensive evaluations on two popular GAN tasks and more than 10 GAN architectures demonstrate our proposed scheme to effectively verify the ownership. Our proposed scheme shown to be immune to popular input-based removal attacks and robust against other existing attacks. The source code and models are available at https://github.com/AbstractTeen/gan_ownership_verification