Abstract
This paper proposes a watermarking method that can be used for the copyright protection of DNN models, utilizing learnable block-wise image transformation techniques and a secret key to embed a watermark. A black-box watermarking approach is used, which does not require a specific predefined training or trigger set, allowing for the remote verification of model ownership. As a result, this method can achieve copyright protection using authentication methods for DNN models. Results of experiments on established datasets [1, 2] indicate that the original watermark is not easily overwritten by pirated watermarks. Moreover, its performance in pruning attack experiments is similar to that observed in the studies cited above. However, our approach demonstrates stronger robustness against fine-tuning attacks, while also achieving higher image classification accuracy.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
