Study On Watermark Embedding Of Deep Neural Network Model

With the rapid development of artificial intelligence technology,neural network model has been widely used in many business fields such as robotics,finance,medicine and so on.Sharing pre-trained deep neural network model has always been an important means to promote the rapid development of research.But to create a production level of deep learning model is a special task,it requires a lot of valuable training data,powerful computing resources and professional human resources,therefore specially trained model should be important to their owners of private assets,the neural network model of the protection of intellectual property rights technology arises at the historic moment.This topic mainly studies the copyright protection of deep neural network model.The main contents and innovations are as follows:(1)The definition,classification and application of intellectual property protection technology of neural network model are summarized,and the basic framework and evaluation criteria of intellectual property protection method of neural network model are explained.Aiming at the problem of single watermarking form at present,the grayscale image with shape meaning is used as watermarking information to make it have intuitive visual characteristics,which can improve the robustness of model watermarking and enrich the watermarking form of neural network model.(2)Based on the form of image watermarking,a neural network model protection method based on visual watermarking is designed,and a neural network model protection framework based on F distribution visual watermarking is constructed.With black and white images as the original watermark information,first for watermark encryption and preprocessing.Then the watermark embedding of MLP,LeNet and WRN neural network models based on F distribution is studied.Finally,the watermarking of the network model is dynamically embedded without affecting the function of the neural netw ork model,and the watermarking is extracted and decrypted successfully.Experimental results show that compared with other traditional watermark embedding methods,the extracted authentication watermark images are closer to the original watermark information,and the characteristic information of the watermark is preserved more effectively.(3)Open deep neural network models often face many illegal attacks,so good anti-attack ability is also an important feature of model watermarking.By exploring the possible attack types of the deep neural network model,the expected robustness test of the watermarking method proposed in this paper is realized.Model fine-tuning,model compression and other methods were used to test the attack,and the attack scenario of model watermarking scheme was designed and described in detail,and the comparative evaluation test was carried out.Experimental results show that the proposed watermarking method has good robustness and can effectively resist common watermarking removal attacks.