Go to IWDW 2021 homepageMasterFace Watermarking for IPR Protection of Siamese Network for Face Verification
Abstract: Deep Neural Network (DNN) watermarking is receiving increasing attention as means to protect the Intellectual Property Rights (IPR) of DNN models. Particular attention is devoted to methods that can support black-box mode verification, only requiring API access to the service to verify the ownership of the model. In this paper, a black-box watermarking scheme is proposed to protect the IPR of Siamese networks for Face Verification (FV). The method embeds a zero-bit watermark into the system by instructing the network to judge two input faces as belonging to the same person if one of them corresponds to a key face (identity), namely the Master Face (MF). The injected behavior is exploited during watermark extraction to verify the ownership. Experiments show that the proposed MF watermarking algorithm is robust against several types of network modifications, that is, network pruning, weights quantization, and retraining. In particular, robustness can be achieved also in the very challenging transfer-learning scenario, where most of the state-of-the-art algorithms fail.
0 Replies
Loading