Survey on intellectual property protection for deep learning model
With the rapid development of deep learning technology, deep learning models have been widely used in many fields such as image classification and speech recognition.Training a deep learning model relies on a large amount of data and computing power, thus selling the trained model or providing speci...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
POSTS&TELECOM PRESS Co., LTD
2022-04-01
|
| Series: | 网络与信息安全学报 |
| Subjects: | |
| Online Access: | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2022015 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841529768773681152 |
|---|---|
| author | Xinya WANG Guang HUA Hao JIANG Haijian ZHANG |
| author_facet | Xinya WANG Guang HUA Hao JIANG Haijian ZHANG |
| author_sort | Xinya WANG |
| collection | DOAJ |
| description | With the rapid development of deep learning technology, deep learning models have been widely used in many fields such as image classification and speech recognition.Training a deep learning model relies on a large amount of data and computing power, thus selling the trained model or providing specific services (DLaaS, e.g.) has become a new business.However, the commercial interests of model trainers and the intellectual property rights of model developers may be violated if the model is maliciously stolen.With deep neural network watermarking becoming a new research topic, multimedia copyright protection techniques were used for deep learning model protection.Numerous methods have been proposed in this field and then a comprehensive survey is needed.the existing deep neural network watermarking methods were elaborated and summarized and the future research directions of this field were discussed.The overall framework of neural network watermarking was presented, whereby the basic concepts such as classification model and model backdoor were introduced.Secondly, the existing methods were divided into two types according to the mechanism of watermark embedding, one is to embed the watermark bits into the carrier of internal information of the network, and the other one uses the established backdoor mapping as the watermark.These two existing deep neural network watermarking methods were analyzed and summarized, and attacks to the watermarks were also introduced and discussed.By analyzing the white-box and black-box conditions in watermarking scenario, it comes to the conclusion that the model is difficult to be effectively protected when it is distributed in the white-box manner, and the neural network watermark defenses in the black-box distribution and black-box verification are both worthy for further research. |
| format | Article |
| id | doaj-art-14e3e28efdbe48ec8d282764aa78a58c |
| institution | Kabale University |
| issn | 2096-109X |
| language | English |
| publishDate | 2022-04-01 |
| publisher | POSTS&TELECOM PRESS Co., LTD |
| record_format | Article |
| series | 网络与信息安全学报 |
| spelling | doaj-art-14e3e28efdbe48ec8d282764aa78a58c2025-01-15T03:15:26ZengPOSTS&TELECOM PRESS Co., LTD网络与信息安全学报2096-109X2022-04-01811459570307Survey on intellectual property protection for deep learning modelXinya WANGGuang HUAHao JIANGHaijian ZHANGWith the rapid development of deep learning technology, deep learning models have been widely used in many fields such as image classification and speech recognition.Training a deep learning model relies on a large amount of data and computing power, thus selling the trained model or providing specific services (DLaaS, e.g.) has become a new business.However, the commercial interests of model trainers and the intellectual property rights of model developers may be violated if the model is maliciously stolen.With deep neural network watermarking becoming a new research topic, multimedia copyright protection techniques were used for deep learning model protection.Numerous methods have been proposed in this field and then a comprehensive survey is needed.the existing deep neural network watermarking methods were elaborated and summarized and the future research directions of this field were discussed.The overall framework of neural network watermarking was presented, whereby the basic concepts such as classification model and model backdoor were introduced.Secondly, the existing methods were divided into two types according to the mechanism of watermark embedding, one is to embed the watermark bits into the carrier of internal information of the network, and the other one uses the established backdoor mapping as the watermark.These two existing deep neural network watermarking methods were analyzed and summarized, and attacks to the watermarks were also introduced and discussed.By analyzing the white-box and black-box conditions in watermarking scenario, it comes to the conclusion that the model is difficult to be effectively protected when it is distributed in the white-box manner, and the neural network watermark defenses in the black-box distribution and black-box verification are both worthy for further research.http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2022015neural network securitycopy right protection of neural networksblack-box watermarkingwhite-box watermarkingbackdoor watermarking |
| spellingShingle | Xinya WANG Guang HUA Hao JIANG Haijian ZHANG Survey on intellectual property protection for deep learning model 网络与信息安全学报 neural network security copy right protection of neural networks black-box watermarking white-box watermarking backdoor watermarking |
| title | Survey on intellectual property protection for deep learning model |
| title_full | Survey on intellectual property protection for deep learning model |
| title_fullStr | Survey on intellectual property protection for deep learning model |
| title_full_unstemmed | Survey on intellectual property protection for deep learning model |
| title_short | Survey on intellectual property protection for deep learning model |
| title_sort | survey on intellectual property protection for deep learning model |
| topic | neural network security copy right protection of neural networks black-box watermarking white-box watermarking backdoor watermarking |
| url | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2022015 |
| work_keys_str_mv | AT xinyawang surveyonintellectualpropertyprotectionfordeeplearningmodel AT guanghua surveyonintellectualpropertyprotectionfordeeplearningmodel AT haojiang surveyonintellectualpropertyprotectionfordeeplearningmodel AT haijianzhang surveyonintellectualpropertyprotectionfordeeplearningmodel |