Leveraging Multi-task Learning for Unambiguous and Flexible Deep Neural Network Watermarking
Abstract
Deep neural networks are playing an important role in many real-life applications. An important prerequisite in commercializing deep neural networks is the identification of their genuine owners. Therefore, watermarking schemes that embed the owner’s identity information into the models have been proposed. However, current schemes cannot meet all the security requirements such as unambiguity and are inflexible since most of them focus on classification models. To meet the formal definitions of the security requirements and increase the applicability of deep neural network watermarking schemes, we propose a new method, MTLSign, based on multi-task learning. By treating the watermark embedding as an extra task, the security requirements are explicitly formulated and met with well-designed regularizers and components from cryptography. Experiments have demonstrated that MTLSign is flexible and robust for practical security in machine learning applications.
This paper presents MTLSign, an MTL-based DNN watermarking scheme. We examine the basic security requirements for the DNN watermark, especially the unambiguity, and propose to embed the watermark as an additional task.
The proposed scheme explicitly meets security requirements by corresponding regularizers. With a decentralized consensus protocol, MTLSign is secure against adaptive attacks. It is true that like any other white-box DNN watermarking scheme, MTLSign remains vulnerable to functionality equivalence attacks such as the neuron permutation. This is one of the aspects that require further effort to increase the applicability of DNN watermarks.
Lei Yang
PhD candidate
My research interests include visual speech recognition and semantics segmentation.