
FedReverse: Multiparty Reversible Deep Neural Network Watermarking (2312.05738v1)

Published 10 Dec 2023 in cs.CR and cs.AI

Abstract: The proliferation of Deep Neural Networks (DNN) in commercial applications is expanding rapidly. Simultaneously, the increasing complexity and cost of training DNN models have intensified the urgency surrounding the protection of intellectual property associated with these trained models. In this regard, DNN watermarking has emerged as a crucial safeguarding technique. This paper presents FedReverse, a novel multiparty reversible watermarking approach for robust copyright protection while minimizing performance impact. Unlike existing methods, FedReverse enables collaborative watermark embedding from multiple parties after model training, ensuring individual copyright claims. In addition, FedReverse is reversible, enabling complete watermark removal with unanimous client consent. FedReverse demonstrates perfect covering, ensuring that observations of watermarked content do not reveal any information about the hidden watermark. Additionally, it showcases resistance against Known Original Attacks (KOA), making it highly challenging for attackers to forge watermarks or infer the key. This paper further evaluates FedReverse through comprehensive simulations involving Multi-layer Perceptron (MLP) and Convolutional Neural Networks (CNN) trained on the MNIST dataset. The simulations demonstrate FedReverse's robustness, reversibility, and minimal impact on model accuracy across varying embedding parameters and multiple client scenarios.

