2021 IEEE International Conference on Image Processing
19-22 September 2021 • Anchorage, Alaska, USA
Imaging Without Borders
| Paper ID | IFS-2.10 | ||
| Paper Title | PERSISTENT WATERMARK FOR IMAGE CLASSIFICATION NEURAL NETWORKS BY PENETRATING THE AUTOENCODER | ||
| Authors | Fang-Qi Li, Shi-Lin Wang, Shanghai Jiao Tong University, China | ||
| Session | IFS-2: Information Forensics and Security | ||
| Location | Area K | ||
| Session Time: | Monday, 20 September, 15:30 - 17:00 | ||
| Presentation Time: | Monday, 20 September, 15:30 - 17:00 | ||
| Presentation | Poster | ||
| Topic | Information Forensics and Security: Watermarking and data hiding | ||
| IEEE Xplore Open Preview | Click here to view in IEEE Xplore | ||
| Abstract | Deep neural networks for image processing, especially image classification, have become ubiquitous. To protect them as intellectual properties and standardize the commercialization of their service, watermarking schemes have been proposed to authenticate the author of models. Many black-box watermarking schemes insert a backdoor into the neural network by poisoning the training dataset. Their performance declines if the adversary who has stolen the model adds a noise reducer, in particular an autoencoder, to ruin the backdoor. To cope with this kind of piracy, we propose an enhanced watermarking scheme by using triggers that penetrates the adversary's autoencoder. The penetrative triggers are generated from a collection of shadow models that approximate the adversary's autoencoder, which is assumed to be hidden from the genuine host of the model. The proposed scheme is shown to be resistant to the filtering of autoencoders and significantly increase the robustness of copyright authentication. | ||