
Research And Implementation Of Model Copyright Protection Method Based On Orthogonal Constraint

Posted on: 2024-07-20
Degree: Master
Type: Thesis
Country: China
Candidate: Y Liu
Full Text: PDF
GTID: 2568307106482094
Subject: Electronic information
Abstract/Summary:
With the development of technology, deep learning models have been widely applied in fields such as autonomous driving and image recognition. However, training a high-performing model is tough, requiring model trainers to possess rich prior knowledge in data annotation, preprocessing, loss function design, and network structure construction. Similarly, a large amount of time and computing resources are required during the model training phase, making the training cost expensive. Such models are vulnerable to attacks and can be illegally replicated and distributed, causing copyright infringement and economic damage to the model trainers. Neural network watermarking is a major means of protecting the copyright of deep learning models. However, current methods have limitations such as weak security, vulnerability to weight-based attacks, and reduced model accuracy due to enhanced watermark-function association. In this paper, the proposed model copyright protection method is highly correlated, robust, and does not compromise model performance. Based on this method and the existing general black-box watermarking method, a neural network watermarking system has been developed. The main contributions are as follows:

(1) A neural network watermark embedding and verification method based on orthogonal constraints is proposed, which consists of two parts: watermark embedding and copyright verification. During the watermark embedding phase, we first construct a new layer to enhance the association between the watermark and the model structure, making the watermark challenging to remove. Then, by combining the watermark constraint feature vectors, we make some feature vectors orthogonal to improve the robustness of the watermark, promote feature diversity, and improve model performance. Watermark extraction does not depend on specified datasets during the copyright verification phase. After inputting model task samples, the watermark is extracted by analyzing the correlation of the feature vectors. Since the watermark exists in the abstract internal correlation form, it reduces the dependence on weights. Experimental results show that the watermark is highly robust, and this method meets fidelity, reliability, completeness, and robustness requirements, effectively resisting forgery attacks.

(2) A neural network watermarking system that supports watermark embedding and copyright verification is designed and implemented. This system integrates the white-box watermarking method proposed in this paper and the existing general black-box watermarking method, providing services such as watermark embedding, copyright verification, and watermark robustness testing under two methods. It includes trigger set creation, custom model structure construction, visual training, model management, and model/image uploading and downloading. The system uses the Vue+Flask front-end and back-end separation development framework to reduce coupling between the front-end and back-end. It uses MySQL to manage data, effectively achieving online storage of models and trigger samples. The development of the system provides support for the protection of model copyright, making the watermark embedding and verification process more straightforward, optimizing model management, and improving user efficiency.
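The following added example (not code from the thesis) illustrates contribution (1): an orthogonality term on the embedding side, and verification that reads the watermark from feature-vector correlation rather than from weights. The one-bit-per-pair encoding, the threshold `TAU`, the constructed feature vectors, and all function names are assumptions made for illustration; the thesis's actual encoding is not given on this page.

```python
import math

# Constructed demo values (assumptions, not taken from the thesis).
WATERMARK = [1, 0, 1, 1]                  # owner's bit string
PAIRS = [(0, 1), (2, 3), (4, 5), (6, 7)]  # feature-vector pair carrying each bit
TAU = 0.1                                 # |cosine| below this counts as orthogonal

def cosine(u, v):
    dot = sum(a * b for a, b in zip(u, v))
    norm = math.sqrt(sum(a * a for a in u)) * math.sqrt(sum(b * b for b in v))
    return dot / norm if norm else 0.0

def orthogonality_penalty(features, bits=WATERMARK, pairs=PAIRS):
    """Embedding side: loss term that is zero once every bit-1 pair is orthogonal."""
    return sum(cosine(features[i], features[j]) ** 2
               for (i, j), b in zip(pairs, bits) if b == 1)

def extract_bits(features, pairs=PAIRS, tau=TAU):
    """Verification side: read one bit per pair from feature correlation only."""
    return [1 if abs(cosine(features[i], features[j])) < tau else 0
            for i, j in pairs]

def bit_error_rate(extracted, claimed):
    return sum(a != b for a, b in zip(extracted, claimed)) / len(claimed)

def make_features(bits):
    """Constructed stand-in for a layer's feature vectors on task samples."""
    dim, feats = 2 * len(bits), []
    for k, b in enumerate(bits):
        u, v = [0.0] * dim, [0.0] * dim
        u[2 * k], v[2 * k + 1] = 1.0, 1.0
        if b == 0:
            v[2 * k] = 2.0  # correlated pair, cosine about 0.89
        feats += [u, v]
    return feats

def rescale(features):
    """Models per-channel weight scaling: each vector gets its own positive gain."""
    return [[x * (0.5 + n) for x in f] for n, f in enumerate(features)]

if __name__ == "__main__":
    marked, unmarked = make_features(WATERMARK), make_features([0, 0, 0, 0])
    print("marked   :", extract_bits(marked))
    print("rescaled :", extract_bits(rescale(marked)))
    print("unmarked BER:", bit_error_rate(extract_bits(unmarked), WATERMARK))
```

Because cosine similarity ignores positive scaling, the rescaled features yield the same bits as the marked ones, while the unmarked features disagree with the claimed watermark on 3 of 4 bits.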
Keywords/Search Tags: deep neural network, intellectual property protection, ownership verification, artificial intelligence security