The Multi-Watermarks Attack of DNN Watermarking

Published: 01 Jan 2020, Last Modified: 10 May 2023, ICAIP 2020, Readers: Everyone
Abstract: Deep learning models are widely used in business scenarios and have achieved some success. Building a production-level deep learning model is usually costly in time or computing resources. As a result, such models require copyright protection through watermarks, which makes the security of those watermarks important. In this paper, a multi-watermarks attack is proposed that can prevent the model owner from declaring ownership of the model. In special cases, it can completely remove watermarks that are based on the output of models, and it can decrease the watermark accuracy to less than 15% with only 5 rounds of retraining. It can also be used to remove backdoors in models or to decrease the task accuracy of models.