
Keynet: An asymmetric key-style framework for watermarking deep learning models

  • Identifying data

    Identifier: imarina:9150159
    Authors:
    Jebreel, Najeeb Moharram; Domingo-Ferrer, Josep; Sanchez, David; Blanco-Justicia, Alberto
    Abstract:
    © 2021 by the authors. Licensee MDPI, Basel, Switzerland. Many organizations devote significant resources to building high-fidelity deep learning (DL) models. Therefore, they have a great interest in making sure the models they have trained are not appropriated by others. Embedding watermarks (WMs) in DL models is a useful means to protect the intellectual property (IP) of their owners. In this paper, we propose KeyNet, a novel watermarking framework that satisfies the main requirements for an effective and robust watermarking. In KeyNet, any sample in a WM carrier set can take more than one label based on where the owner signs it. The signature is the hashed value of the owner’s information and her model. We leverage multitask learning (MTL) to learn the original classification task and the watermarking task together. Another model (called the private model) is added to the original one, so that it acts as a private key. The two models are trained together to embed the WM while preserving the accuracy of the original task. To extract a WM from a marked model, we pass the predictions of the marked model on a signed sample to the private model. Then, the private model can provide the position of the signature. We perform an extensive evaluation of KeyNet’s performance on the CIFAR10 and FMNIST5 data sets and prove its effectiveness and robustness. Empirical results show that KeyNet preserves the utility of the original task and embeds a robust WM.
  • Other:

    Author according to the article: Jebreel, Najeeb Moharram; Domingo-Ferrer, Josep; Sanchez, David; Blanco-Justicia, Alberto
    Department: Enginyeria Informàtica i Matemàtiques
    e-ISSN: 2076-3417
    URV author(s): Blanco Justicia, Alberto / Domingo Ferrer, Josep / Jebreel, Najeeb Moharram Salim / Sánchez Ruenes, David
    Keywords: Watermarking; Security and privacy; Private model; Ownership; Intellectual property; Deep learning models
    Subject areas: Química; Process chemistry and technology; Physics, applied; Materials science, multidisciplinary; Materials science (miscellaneous); Materials science (all); Materiais; Instrumentation; General materials science; General engineering; Fluid flow and transfer processes; Engineering, multidisciplinary; Engineering (miscellaneous); Engineering (all); Engenharias ii; Engenharias i; Computer science applications; Ciências biológicas iii; Ciências biológicas ii; Ciências biológicas i; Ciências agrárias i; Ciência de alimentos; Chemistry, multidisciplinary; Biodiversidade; Astronomia / física
    Licence of use: https://creativecommons.org/licenses/by/3.0/es/
    Author's e-mail address: najeeb.jebreel@urv.cat alberto.blanco@urv.cat najeeb.jebreel@urv.cat david.sanchez@urv.cat josep.domingo@urv.cat
    Author identifier: 0000-0002-1108-8082 0000-0001-7275-7887 0000-0001-7213-4962
    Record creation date: 2024-10-12
    Journal volume: 11
    Deposited article version: info:eu-repo/semantics/publishedVersion
    Licence document URL: https://repositori.urv.cat/ca/proteccio-de-dades/
    Article reference according to the original source: Applied Sciences-Basel. 11 (3): 999-22
    Item reference in APA style: Jebreel, Najeeb Moharram; Domingo-Ferrer, Josep; Sanchez, David; Blanco-Justicia, Alberto (2021). Keynet: An asymmetric key-style framework for watermarking deep learning models. Applied Sciences-Basel, 11(3), 999-22. DOI: 10.3390/app11030999
    Institution: Universitat Rovira i Virgili
    Journal publication year: 2021
    Publication type: Journal Publications
  • Keywords:

    Chemistry, Multidisciplinary; Computer Science Applications; Engineering (Miscellaneous); Engineering, Multidisciplinary; Fluid Flow and Transfer Processes; Instrumentation; Materials Science (Miscellaneous); Materials Science, Multidisciplinary; Physics, Applied; Process Chemistry and Technology
    Watermarking
    Security and privacy
    Private model
    Ownership
    Intellectual property
    Deep learning models