Towards the Resistance of Neural Network Watermarking to Fine-tuning
By: Ling Tang, Yuefeng Chen, Hui Xue and more
Potential Business Impact:
Protects computer brains from being copied.
This paper proves a new watermarking method to embed the ownership information into a deep neural network (DNN), which is robust to fine-tuning. Specifically, we prove that when the input feature of a convolutional layer only contains low-frequency components, specific frequency components of the convolutional filter will not be changed by gradient descent during the fine-tuning process, where we propose a revised Fourier transform to extract frequency components from the convolutional filter. Additionally, we also prove that these frequency components are equivariant to weight scaling and weight permutations. In this way, we design a watermark module to encode the watermark information to specific frequency components in a convolutional filter. Preliminary experiments demonstrate the effectiveness of our method.
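The invariance claim in the abstract can be checked numerically in a simplified setting. The sketch below is an added example, not the paper's code: it assumes a 1-D circular convolution with a full-length filter and the standard DFT in place of the paper's revised Fourier transform, and the names `N`, `CUTOFF`, `BAND` and all data are constructed.

```python
import cmath, math, random

N, CUTOFF, BAND = 16, 3, [5, 6, 7]  # constructed toy sizes; BAND lies above the input cutoff

def dft(v):
    return [sum(v[n] * cmath.exp(-1j * math.tau * f * n / N) for n in range(N)) for f in range(N)]

def idft(V):
    return [sum(V[f] * cmath.exp(1j * math.tau * f * n / N) for f in range(N)).real / N
            for n in range(N)]

def embed(w, bits, amp=1.0):
    # Store each bit as the sign of Re W[f]; mirror to N-f so the filter stays real.
    W = dft(w)
    for f, b in zip(BAND, bits):
        W[f] = W[N - f] = complex(amp if b else -amp, 0.0)
    return idft(W)

def extract(w):
    W = dft(w)
    return [int(W[f].real > 0) for f in BAND]

def low_freq_input(rng):
    # Random real signal whose spectrum is confined to frequencies 0..CUTOFF.
    comps = [(rng.uniform(-1, 1), rng.uniform(0, math.tau), f) for f in range(CUTOFF + 1)]
    return [sum(a * math.cos(math.tau * f * n / N + p) for a, p, f in comps) for n in range(N)]

def conv(w, x):  # circular convolution of filter w with input x
    return [sum(w[k] * x[(n - k) % N] for k in range(N)) for n in range(N)]

def fine_tune(w, steps=100, lr=0.002, seed=1):
    # Gradient descent on 0.5*||conv(w, x) - target||^2 with fresh low-frequency inputs.
    # In the frequency domain the gradient is E[f]*conj(X[f]), so it vanishes where X[f] = 0.
    rng, w = random.Random(seed), list(w)
    for _ in range(steps):
        x = low_freq_input(rng)
        target = [rng.uniform(-1, 1) for _ in range(N)]
        err = [y - t for y, t in zip(conv(w, x), target)]
        grad = [sum(err[n] * x[(n - k) % N] for n in range(N)) for k in range(N)]
        w = [wk - lr * g for wk, g in zip(w, grad)]
    return w

def demo(bits=(1, 0, 1), seed=0):
    rng = random.Random(seed)
    w0 = embed([rng.uniform(-1, 1) for _ in range(N)], bits)
    w1 = fine_tune(w0)
    moved = max(abs(a - b) for a, b in zip(w0, w1))            # filter weights did change
    drift = max(abs(a - b) for a, b in
                ((dft(w0)[f], dft(w1)[f]) for f in BAND))       # watermark band did not
    return extract(w1), moved, drift

if __name__ == "__main__":
    print(demo())
```

Fine-tuning moves the filter weights, yet the components in `BAND` stay fixed up to floating-point error, so the embedded bits read back unchanged.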
Similar Papers
Hashed Watermark as a Filter: Defeating Forging and Overwriting Attacks in Weight-based Neural Network Watermarking
Cryptography and Security
Protects computer brains from being stolen or changed.
Persistence of Backdoor-based Watermarks for Neural Networks: A Comprehensive Evaluation
Machine Learning (CS)
Restores hidden codes in smart programs after changes.
Protecting Intellectual Property of EEG-based Neural Networks with Watermarking
Machine Learning (CS)
Protects brain-reading computer programs from being stolen.