Design And Implementation Of Copyright Protection For Deep Learning Model Based On Adversarial Examples

Posted on: 2022-09-27
Degree: Master
Type: Thesis
Country: China
Candidate: Y Zhang
Full Text: PDF
GTID: 2518306734466304
Subject: Computer Science and Technology
Abstract/Summary:
In recent years, applications based on deep learning have become inseparable from people's production and life. In an era where applications are developing very rapidly, how to protect the deep learning model inside an application from being stolen has become one of the hot issues that researchers pay attention to. Using watermark images to provide detection for deep learning models is an effective method, but current methods of generating watermark images require retraining the model, and this process easily affects the model's recognition of other images. After analyzing the role and characteristics of watermark images, this paper proposes a method of copyright protection for deep learning models based on identifiable adversarial examples, in which the generated identifiable adversarial examples can be used as watermark images. The main contents are as follows.

(1) Explore the effect of pixel changes on the recognition performance of deep learning models. Experiments were carried out on five classic pre-trained deep learning models, and the results show that current deep learning models are sensitive to changes in a few pixels.

(2) Based on the model's sensitivity to changes in a few pixels, combined with the signature mechanism in cryptography, two identifiable adversarial example construction schemes are proposed that generate adversarial examples which are correctly identified by a specific classifier. Generating adversarial examples with these schemes does not require retraining the model, and the schemes are easy to use.

(3) The two identifiable adversarial example schemes proposed in this paper are implemented in code, and the corresponding identifiable adversarial examples are output. The experimental results show that the identifiable adversarial examples generated in this paper are not significantly different from normal images, can be correctly identified by a specific classifier, and can be used as watermark images in the copyright protection of deep learning models.
Keywords/Search Tags: Deep learning copyright protection, Adversarial examples, Signatures, Encryption, Identifiable adversarial examples