
Research On Neural Network Watermarking Method Towards GAN Model

Posted on: 2024-05-27
Degree: Master
Type: Thesis
Country: China
Candidate: Y Y Ma
GTID: 2568307103973509
Subject: Network and information security

Abstract/Summary:
Generative Adversarial Networks (GAN) are a breakthrough deep learning model. Recently, GANs have been actively applied to various research fields and have made good progress. In practice, training GAN models requires large datasets and a large amount of computing power. Therefore, how to protect a GAN model that was costly to train from being stolen has become an urgent problem. At present, some researchers have proposed effective neural network watermarking methods to prove ownership of a stolen model and realize intellectual property protection. However, most of these methods protect neural network models for classification tasks and cannot be applied well to GANs. In view of the lack of existing research on neural network watermarking for GAN models, this paper proposes two model watermarking methods for GANs.

Firstly, a black-box watermarking method for GANs is proposed for the scenario in which the model generates images under feature control. In this method, watermark validation images and labels are used to generate the trigger set, and the watermarked GAN model is trained on it together with the original dataset, so that intellectual property protection can be realized by triggering the watermark with the label. In the verification process, the synthetic watermark can be triggered successfully only when the verifier enters the correct watermark label, which ensures the security of the watermark. Experiments on the CIFAR10 and Danbooru2018 datasets verify that the proposed method can generate high-quality watermark images for intellectual property verification without affecting the performance of the original model, and that it is robust to model fine-tuning and model compression when facing watermark attacks.

Secondly, a lightweight, label-free GAN watermarking method is proposed that embeds the watermark into the outputs of the model. In this method, an invisible watermark is embedded in the training set and a watermark loss function is optimized so that the trained neural network completes the original image generation task and embeds the invisible watermark in every output image. The watermark can be extracted only with the special watermark algorithm and the corresponding key. This method only needs to collect images generated by the model to extract watermarks and does not need to operate on the structure of the model. The watermark task is trained by adding the watermark loss function during embedding; unlike previously proposed GAN watermarking methods, this method does not require an additional watermarking network. Experiments on the CelebA and LSUN bedroom datasets show that the proposed method has a good watermark extraction rate and is robust to model fine-tuning, model compression, and the image watermarking attacks of cropping, noise, and occlusion.
Keywords/Search Tags:Digital Watermark, Artificial Intelligence Security, Neural Network Watermark, Generative Adversarial Networks