Research On Watermarking Method For Copyright Protection Of Deep Neural Network Classification Model

Posted on: 2024-07-02
Degree: Master
Type: Thesis
Country: China
Candidate: Y M N S A S A
Full Text: PDF
GTID: 2568307097461424
Subject: Signal and Information Processing
Abstract/Summary:
With the rapid development of artificial intelligence technology, deep learning is widely used in many fields, and deep neural network models play an important role in it. Building a deep neural network model requires repeated experimentation and optimization and a large investment of time and computation. However, such a valuable model is easy to copy and infringe. It is therefore particularly important to study how to protect the intellectual property of well-performing deep neural network models. Watermarking is one of the important means of protecting the copyright of a deep neural network model. In this dissertation, a special trigger set is designed using information hiding technology, and a trigger-set-based copyright protection algorithm for image classification models is proposed. Drawing on the zero-watermarking technology used for image copyright protection, a zero-watermarking scheme for copyright protection of neural network models is also proposed. The main work of this dissertation is as follows:

(1) To address the weak security of neural network model watermarking, this dissertation proposes a black-box watermarking algorithm, based on a trigger set, for copyright protection of image classification models. The algorithm uses information hiding technology to hide the author's copyright information in a few abstract samples that differ from the original training data, and trains on them together with the task samples. The watermark is thereby embedded into the Deep Neural Network (DNN) while the accuracy of the original model is preserved. Experiments were conducted on networks such as VGG, ResNet, and GoogLeNet, and the results showed that the algorithm is suitable for copyright protection of models in classification tasks, can resist model modification attacks, and ensures the security of neural network model watermarks.

(2) Although the traditional embedded watermarking method ensures the security of the watermark, it also affects the accuracy of the output results. To solve this problem, this dissertation proposes a neural network model copyright protection algorithm based on zero-watermarking. The algorithm first extracts the feature map of the neural network, scrambles the copyright image with the Arnold scrambling method to increase security, and then constructs a zero watermark through an XOR operation and carries out copyright authentication. The zero-watermark method proposed in this paper was used to test VGG and ResNet networks on the CIFAR-10 dataset. The experimental results showed that the algorithm can meet the requirements of model copyright protection while ensuring that the performance of the network model is not affected.
Keywords/Search Tags:Deep neural network, Black-box watermarking, Trigger set, Zero-watermarking, Copyright protection
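
An added sketch of the zero-watermarking flow described in part (2) of the abstract (feature extraction, Arnold scrambling, XOR construction, authentication); it is not code from the thesis. The mean-threshold feature coding, the 8x8 constructed sample data and the use of the Arnold round count as the secret key are assumptions.

```python
# Added illustration, not the thesis's code. Feature coding and key are assumptions.

def arnold(img, rounds):
    """Arnold scrambling of an N x N matrix: (x, y) -> (x + y, x + 2y) mod N."""
    n = len(img)
    for _ in range(rounds):
        out = [[0] * n for _ in range(n)]
        for x in range(n):
            for y in range(n):
                out[(x + y) % n][(x + 2 * y) % n] = img[x][y]
        img = out
    return img

def arnold_inverse(img, rounds):
    """Undo `rounds` iterations of arnold()."""
    n = len(img)
    for _ in range(rounds):
        img = [[img[(x + y) % n][(x + 2 * y) % n] for y in range(n)]
               for x in range(n)]
    return img

def binarize(feature_map):
    """Assumed feature coding: 1 where the activation exceeds the map's mean."""
    flat = [v for row in feature_map for v in row]
    mean = sum(flat) / len(flat)
    return [[int(v > mean) for v in row] for row in feature_map]

def xor(a, b):
    return [[p ^ q for p, q in zip(ra, rb)] for ra, rb in zip(a, b)]

def build_zero_watermark(feature_map, copyright_img, key):
    """Nothing is embedded: the model's weights are left untouched."""
    return xor(binarize(feature_map), arnold(copyright_img, key))

def recover_copyright(feature_map, zero_wm, key):
    """Authentication: re-extract features from the suspect model, XOR, unscramble."""
    return arnold_inverse(xor(binarize(feature_map), zero_wm), key)

def bit_error_rate(a, b):
    diff = sum(p != q for ra, rb in zip(a, b) for p, q in zip(ra, rb))
    return diff / (len(a) * len(a[0]))

# Constructed sample data: an 8x8 stand-in feature map and a binary copyright image.
FEATURES = [[((5 * x + 3 * y) % 7) / 7 for y in range(8)] for x in range(8)]
COPYRIGHT = [[int(x <= y) for y in range(8)] for x in range(8)]
KEY = 3  # assumed secret: number of Arnold rounds

if __name__ == "__main__":
    zw = build_zero_watermark(FEATURES, COPYRIGHT, KEY)
    print(bit_error_rate(recover_copyright(FEATURES, zw, KEY), COPYRIGHT))
    print(bit_error_rate(recover_copyright(FEATURES, zw, KEY + 2), COPYRIGHT))
```

The Arnold map is periodic (period 6 for an 8x8 image), so round counts that differ by a multiple of the period act as the same key.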