| The rapid development of deep learning technology has advanced fields such as finance, medical care, and autonomous driving, and developers have built many high-performing models in these fields. Training these models costs developers a great deal of time, substantial computing resources, and expensive data sets. However, as a digital product, a deep learning model is easily copied by malicious users and slightly modified to provide pirated services, which infringes the intellectual property of the model. Some scholars have therefore proposed applying digital watermarking technology to the intellectual property protection of deep learning models, and it has made good progress in this field. In practical applications, however, it still faces various problems, specifically a lack of robustness, concealment, and security. In view of these problems, this thesis proposes and studies in depth a neural network watermarking method based on the internal mechanism of the model. The main contents of this thesis are as follows: (1) Model watermark embedding and extraction method based on the important weights of a neural network. To address the problem of watermark removal by robustness attacks, and building on existing white-box watermarking methods based on the internal weights of the model, this thesis analyzes the limitations of pruning attacks against model watermarks and turns those limitations into advantages for watermark embedding. A small number of important weights in the deep neural network model are selected to carry the watermark, and the watermarked model is then obtained by fine-tuning the model with parameter regularization. The experimental results show that the watermark does not affect the original performance of the model. An experimental evaluation under the threat model is also carried out, and the results show that the robustness of the watermark remains basically stable after attack. (2) Model watermark embedding and extraction method based on neural network filter grafting. To address two problems that indirectly undermine the robustness of a model watermark, namely malicious detection of the watermark (a concealment attack) and watermark forgery, a combined verification method is used. The trained verification model has the same structure as the protected model. The attacker has neither the model owner's specific verification data set nor the owner's training capability, so it is difficult to forge the embedded watermark in the same way, and the method is therefore not easily subject to ambiguity attacks. The parameter distribution of the filter is similar to the parameter distribution of the model to be embedded, so the attacker cannot easily detect the existence of the watermark. The watermark is embedded into the target model using the filter grafting technique. Finally, an experimental evaluation of the designed watermarking method under the threat model is carried out. The experimental results show that the proposed method has good robustness, concealment, and security. |
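
A sketch of the idea in part (1), added here as an illustration and not taken from the thesis: a watermark carried by a small set of important weights survives a magnitude-pruning attack. The specifics are assumptions of this example: weight magnitude stands in for importance, the key is a set of signed weight groups, the regularizer is a logistic loss on each group's projection, and updates are masked so a carrier weight never shrinks.

```python
import math
import random

def select_important(weights, k):
    """Indices of the k largest-magnitude weights (magnitude = assumed importance)."""
    return sorted(range(len(weights)), key=lambda i: -abs(weights[i]))[:k]

def make_key(indices, n_bits, rng):
    """Secret key: each watermark bit owns a disjoint group of (index, sign) pairs."""
    idx = list(indices)
    rng.shuffle(idx)
    g = len(idx) // n_bits
    return [[(i, rng.choice((-1, 1))) for i in idx[b * g:(b + 1) * g]]
            for b in range(n_bits)]

def project(weights, group):
    return sum(s * weights[i] for i, s in group)

def embed(weights, key, bits, lr=0.05, steps=2000):
    """Fine-tune only the keyed weights against BCE(sigmoid(projection), bit)."""
    w = list(weights)
    for _ in range(steps):
        for group, bit in zip(key, bits):
            err = 1 / (1 + math.exp(-project(w, group))) - bit
            for i, s in group:
                step = -lr * err * s
                if step * w[i] > 0:  # assumed constraint: never shrink an important weight
                    w[i] += step
    return w

def extract(weights, key):
    return [1 if project(weights, group) > 0 else 0 for group in key]

def magnitude_prune(weights, fraction):
    """Pruning attack: zero the given fraction of smallest-magnitude weights."""
    n_cut = int(len(weights) * fraction)
    cut = set(sorted(range(len(weights)), key=lambda i: abs(weights[i]))[:n_cut])
    return [0.0 if i in cut else x for i, x in enumerate(weights)]

def demo(seed=7):
    rng = random.Random(seed)
    weights = [rng.gauss(0, 1) for _ in range(2048)]  # constructed stand-in layer
    bits = [1, 0, 1, 1, 0, 0, 1, 0]                   # constructed watermark
    key = make_key(select_important(weights, 256), len(bits), rng)
    marked = embed(weights, key, bits)
    changed = sum(a != b for a, b in zip(weights, marked))
    return bits, extract(marked, key), extract(magnitude_prune(marked, 0.5), key), changed

if __name__ == "__main__":
    print(demo())
```

Because the keyed weights remain the largest in the layer, pruning cannot reach them until it removes more than the 1792 unkeyed weights, at which point the model itself is being damaged.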