A Novel Watermarking Framework for Ownership Verification of DNN Architectures

29 Sept 2021 (modified: 13 Feb 2023), ICLR 2022 Conference Withdrawn Submission, Readers: Everyone
Abstract: We present a novel watermarking scheme for intellectual property (IP) protection and ownership verification of DNN architectures. Existing works all embed watermarks into the model parameters while treating the architecture as public property. These solutions have been shown to be vulnerable to an adversary who detects or removes the watermarks. In contrast, we are the first to claim model architectures as an important IP for model owners, and propose to implant watermarks into the architectures. We design new algorithms based on Neural Architecture Search (NAS) to generate watermarked architectures, which are unique enough to represent the ownership, while maintaining high model usability. Such watermarks can be extracted via side-channel-based model extraction techniques with high fidelity. Extensive evaluations show our scheme has negligible impact on the model performance, and exhibits strong robustness against various model transformations and adaptive attacks.
One-sentence Summary: We present a novel watermarking scheme for intellectual property (IP) protection and ownership verification of DNN architectures.