Author, as appears in the article.: Jebreel NM; Domingo-Ferrer J; Sánchez D; Blanco-Justicia A

Department: Enginyeria Informàtica i Matemàtiques

e-ISSN: 2076-3417

URV's Author/s: Blanco Justicia, Alberto / Domingo Ferrer, Josep / Jebreel, Najeeb Moharram Salim / Sánchez Ruenes, David

Keywords: Watermarking Security and privacy Private model Ownership Intellectual property Deep learning models

Abstract: © 2021 by the authors. Licensee MDPI, Basel, Switzerland. Many organizations devote significant resources to building high-fidelity deep learning (DL) models. Therefore, they have a great interest in making sure the models they have trained are not appropriated by others. Embedding watermarks (WMs) in DL models is a useful means to protect the intellectual property (IP) of their owners. In this paper, we propose KeyNet, a novel watermarking framework that satisfies the main requirements for an effective and robust watermarking. In KeyNet, any sample in a WM carrier set can take more than one label based on where the owner signs it. The signature is the hashed value of the owner’s information and her model. We leverage multitask learning (MTL) to learn the original classification task and the watermarking task together. Another model (called the private model) is added to the original one, so that it acts as a private key. The two models are trained together to embed the WM while preserving the accuracy of the original task. To extract a WM from a marked model, we pass the predictions of the marked model on a signed sample to the private model. Then, the private model can provide the position of the signature. We perform an extensive evaluation of KeyNet’s performance on the CIFAR10 and FMNIST5 data sets and prove its effectiveness and robustness. Empirical results show that KeyNet preserves the utility of the original task and embeds a robust WM.

Thematic Areas: Química Process chemistry and technology Physics, applied Materials science, multidisciplinary Materials science (miscellaneous) Materials science (all) Materiais Instrumentation General materials science General engineering Fluid flow and transfer processes Engineering, multidisciplinary Engineering (miscellaneous) Engineering (all) Engenharias ii Engenharias i Computer science applications Ciências biológicas iii Ciências biológicas ii Ciências biológicas i Ciências agrárias i Ciência de alimentos Chemistry, multidisciplinary Biodiversidade Astronomia / física

licence for use: https://creativecommons.org/licenses/by/3.0/es/

Author's mail: najeeb.jebreel@urv.cat alberto.blanco@urv.cat josep.domingo@urv.cat david.sanchez@urv.cat najeeb.jebreel@urv.cat

Author identifier: 0000-0002-1108-8082 0000-0001-7213-4962 0000-0001-7275-7887

Record's date: 2023-02-23

Journal volume: 11

Papper version: info:eu-repo/semantics/publishedVersion

Link to the original source: https://www.mdpi.com/2076-3417/11/3/999

Licence document URL: http://repositori.urv.cat/ca/proteccio-de-dades/

Papper original source: Applied Sciences-Basel. 11 (3): 1-22

APA: Jebreel NM; Domingo-Ferrer J; Sánchez D; Blanco-Justicia A (2021). Keynet: An asymmetric key-style framework for watermarking deep learning models. Applied Sciences-Basel, 11(3), 1-22. DOI: 10.3390/app11030999

Article's DOI: 10.3390/app11030999

Entity: Universitat Rovira i Virgili

Journal publication year: 2021

Publication Type: Journal Publications