Intro
Preface
Contents
Contributors
About the Editors
Acronyms
Mathematical Notation
Fundamentals
Machine Learning
Model Watermarking
Part I Preliminary
1 Introduction
1.1 Why Digital Watermarking for Machine Learning Models?
1.2 How Digital Watermarking Is Used for Machine Learning Models?
1.2.1 Techniques
1.2.2 Protocols
1.2.3 Applications
1.3 Related Work
1.3.1 White-Box Watermarks
1.3.2 Black-Box Watermarks
1.3.3 Neural Network Fingerprints
1.4 About This Book
References

2 Ownership Verification Protocols for Deep Neural Network Watermarks
2.1 Introduction
2.2 Security Formulation
2.2.1 Functionality Preserving
2.2.2 Accuracy and Unambiguity
2.2.3 Persistency
2.2.4 Other Security Requirements
2.3 The Ownership Verification Protocol for DNN
2.3.1 The Boycotting Attack and the Corresponding Security
2.3.2 The Overwriting Attack and the Corresponding Security
2.3.3 Evidence Exposure and the Corresponding Security
2.3.4 A Logic Perspective of the OV Protocol
2.3.5 Remarks on Advanced Protocols
2.4 Conclusion
References

Part II Techniques
3 Model Watermarking for Deep Neural Networks of Image Recovery
3.1 Introduction
3.2 Related Works
3.2.1 White-Box Model Watermarking
3.2.2 Black-Box Model Watermarking
3.3 Problem Formulation
3.3.1 Notations and Definitions
3.3.2 Principles for Watermarking Image Recovery DNNs
3.3.3 Model-Oriented Attacks to Model Watermarking
3.4 Proposed Method
3.4.1 Main Idea and Framework
3.4.2 Trigger Key Generation
3.4.3 Watermark Generation
3.4.4 Watermark Embedding
3.4.5 Watermark Verification
3.4.6 Auxiliary Copyright Visualizer
3.5 Conclusion
References
4 The Robust and Harmless Model Watermarking
4.1 Introduction
4.2 Related Work
4.2.1 Model Stealing
4.2.2 Defenses Against Model Stealing
4.3 Revisiting Existing Model Ownership Verification
4.3.1 The Limitation of Dataset Inference
4.3.2 The Limitation of Backdoor-Based Watermarking
4.4 The Proposed Method Under Centralized Training
4.4.1 Threat Model and Method Pipeline
4.4.2 Model Watermarking with Embedded External Features
4.4.3 Training Ownership Meta-Classifier
4.4.4 Model Ownership Verification with Hypothesis Test
4.5 The Proposed Method Under Federated Learning
4.5.1 Problem Formulation and Threat Model
4.5.2 The Proposed Method
4.6 Experiments
4.6.1 Experimental Settings
4.6.2 Main Results Under Centralized Training
4.6.3 Main Results Under Federated Learning
4.6.4 The Effects of Key Hyper-Parameters
4.6.5 Ablation Study
4.7 Conclusion
References
5 Protecting Intellectual Property of Machine Learning Models via Fingerprinting the Classification Boundary
5.1 Introduction
5.2 Related Works
5.2.1 Watermarking for IP Protection
5.2.2 Classification Boundary
