Research On Watermarking Of Deep Learning Models Based On Chaotic Automatic Annotation

Posted on: 2022-06-14
Degree: Master
Type: Thesis
Country: China
Candidate: Y R Jia
GTID: 2568306326976399
Subject: Computer technology

Abstract/Summary:
With the rapid development of artificial intelligence, the protection of intellectual property rights of deep learning models has attracted widespread attention from scientists and engineers. Black-box watermarking schemes for deep learning models have been favored by many scholars because of their many advantages. The key to a black-box watermarking scheme is the design of the trigger set. However, most trigger set designs do not guarantee confidentiality and security. In this article, we turn the focus of trigger set design from the data content of the trigger set to the data annotation, and propose a confidential black-box watermarking scheme for deep learning models based on chaotic automatic annotation of the trigger set. Chaos has many useful features, such as sensitivity to initial values, non-periodic behavior, and long-term unpredictability of chaotic sequences, and it has been widely used in the field of data security. By applying these characteristics of chaos to trigger set annotation, we can make up for the shortcomings of existing black-box watermarking schemes.

First, this scheme labels the trigger set with a chaotic automatic data annotation method, and so provides a confidential and secure trigger set design. On the one hand, chaotic automatic annotation of the trigger set guarantees the non-generalization of the watermark: without knowing the relevant equations and parameters, attackers cannot reconstruct the chaotic annotation scheme and create a trigger set that meets the characteristics of our watermark. On the other hand, chaotic automatic annotation guarantees the separation of the trigger set and the key, unlike existing schemes in which the trigger set itself is the key. In our scheme the initial value and parameters of the chaotic system serve as the key, which ensures that the key and the trigger set are separate.

Second, the chaotic automatic data annotation scheme can promote the commercialization of deep learning models. On the one hand, the initial value and parameters of the chaotic system give the scheme a large key space, which can ensure that each merchant or user is assigned a unique watermark key. On the other hand, compared with existing solutions, automatic annotation of trigger sets saves time and human resources for model creators, and provides greater possibilities for the commercialization of intelligent models.

Finally, we conducted chaotic automatic annotation experiments on trigger sets using two datasets and six watermarks of different lengths. We also evaluated our model in terms of fidelity, effectiveness, integrity, robustness, safety and practicality. Experiments and simulations show that the scheme is effective, safe and robust. It can resist many attacks, such as fine-tuning attacks, compression attacks and overwriting attacks.
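The following is an added sketch, not code from the thesis, of key-driven trigger-set labelling and black-box verification as the abstract describes them, including the effect of a key that differs only slightly in its initial value. The abstract does not name its chaotic system, so the logistic map, the burn-in length, the quantisation to class indices, the 0.9 match threshold and all function and variable names are assumptions.

```python
# Added illustration, not code from the thesis. Assumed: logistic map as the
# chaotic system, 1000-step burn-in, quantisation rule, 0.9 match threshold.

def chaotic_labels(x0, r, n_samples, n_classes, burn_in=1000):
    """Derive one label per trigger sample from the secret key (x0, r)."""
    if not (0.0 < x0 < 1.0 and 0.0 < r <= 4.0):
        raise ValueError("key must keep the orbit inside [0, 1]")
    x = x0
    for _ in range(burn_in):
        # Early iterates stay close for nearby keys, so they are discarded.
        x = r * x * (1.0 - x)
    labels = []
    for _ in range(n_samples):
        x = r * x * (1.0 - x)
        # Quantise the chaotic value in [0, 1] to a class index.
        labels.append(min(int(x * n_classes), n_classes - 1))
    return labels


def match_rate(predictions, labels):
    """Fraction of trigger samples whose predicted class equals the label."""
    return sum(p == l for p, l in zip(predictions, labels)) / len(labels)


def verify_ownership(predictions, key, n_classes, threshold=0.9):
    """Regenerate labels from the key and compare with black-box predictions."""
    x0, r = key
    expected = chaotic_labels(x0, r, len(predictions), n_classes)
    return match_rate(predictions, expected) >= threshold


N_CLASSES, N_TRIGGERS = 10, 100
OWNER_KEY = (0.3141592653, 4.0)      # constructed key: (initial value, parameter)
NEARBY_KEY = (0.3141592654, 4.0)     # constructed guess, off by 1e-10 in x0

TRIGGER_LABELS = chaotic_labels(*OWNER_KEY, N_TRIGGERS, N_CLASSES)

# Constructed stand-in for a watermarked model queried on the trigger set:
# it reproduces the labels except for 5 samples (e.g. after fine-tuning).
SUSPECT_PREDICTIONS = [(l + 1) % N_CLASSES if i < 5 else l
                       for i, l in enumerate(TRIGGER_LABELS)]

if __name__ == "__main__":
    print("owner key verifies: ", verify_ownership(SUSPECT_PREDICTIONS, OWNER_KEY, N_CLASSES))
    print("nearby key verifies:", verify_ownership(SUSPECT_PREDICTIONS, NEARBY_KEY, N_CLASSES))
```

Only the key has to be kept secret and presented at verification time; the trigger images themselves carry no label information in this sketch.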
Keywords/Search Tags: Black-box watermarking, trigger set, chaos, automatic annotation, intellectual property protection