Robust Model Watermarking for Image Processing Networks via Structure Consistency

The intellectual property of deep networks can be easily "stolen" by surrogate model attack. There has been significant progress in protecting the model IP in classification tasks. However, little attention has been devoted to the protection of image processing models. By utilizing consist...

Bibliographic details
Published in: IEEE transactions on pattern analysis and machine intelligence. - 1979. - 46(2024), 10 (25 Oct.), pages 6985-6992
Main author: Zhang, Jie (Author)
Other authors: Chen, Dongdong, Liao, Jing, Ma, Zehua, Fang, Han, Zhang, Weiming, Feng, Huamin, Hua, Gang, Yu, Nenghai
Format: Online article
Language: English
Published: 2024
Access to the parent work: IEEE transactions on pattern analysis and machine intelligence
Subjects: Journal Article
LEADER 01000caa a22002652c 4500
001 NLM370164628
003 DE-627
005 20250305235506.0
007 cr uuu---uuuuu
008 240327s2024 xx |||||o 00| ||eng c
024 7 |a 10.1109/TPAMI.2024.3381543  |2 doi 
028 5 2 |a pubmed25n1233.xml 
035 |a (DE-627)NLM370164628 
035 |a (NLM)38526903 
040 |a DE-627  |b ger  |c DE-627  |e rakwb 
041 |a eng 
100 1 |a Zhang, Jie  |e verfasserin  |4 aut 
245 1 0 |a Robust Model Watermarking for Image Processing Networks via Structure Consistency 
264 1 |c 2024 
336 |a Text  |b txt  |2 rdacontent 
337 |a Computermedien  |b c  |2 rdamedia 
338 |a Online-Ressource  |b cr  |2 rdacarrier 
500 |a Date Revised 06.09.2024 
500 |a published: Print-Electronic 
500 |a Citation Status PubMed-not-MEDLINE 
520 |a The intellectual property of deep networks can be easily "stolen" by surrogate model attack. There has been significant progress in protecting the model IP in classification tasks. However, little attention has been devoted to the protection of image processing models. By utilizing consistent invisible spatial watermarks, the work (Zhang et al. 2020) first considered model watermarking for deep image processing networks and demonstrated its efficacy in many downstream tasks. Its success depends on the hypothesis that if a consistent watermark exists in all prediction outputs, that watermark will be learned into the attacker's surrogate model. However, when the attacker uses common data augmentation attacks (e.g., rotate, crop, and resize) during surrogate model training, it will fail because the underlying watermark consistency is destroyed. To mitigate this issue, we propose a new watermarking methodology, "structure consistency", based on which a new deep structure-aligned model watermarking algorithm is designed. Specifically, the embedded watermarks are designed to be aligned with physically consistent image structures, such as edges or semantic regions. Experiments demonstrate that our method is more robust than the baseline in resisting data augmentation attacks. Besides that, we test the generalization ability and robustness of our method to a broader range of adaptive attacks 
650 4 |a Journal Article 
700 1 |a Chen, Dongdong  |e verfasserin  |4 aut 
700 1 |a Liao, Jing  |e verfasserin  |4 aut 
700 1 |a Ma, Zehua  |e verfasserin  |4 aut 
700 1 |a Fang, Han  |e verfasserin  |4 aut 
700 1 |a Zhang, Weiming  |e verfasserin  |4 aut 
700 1 |a Feng, Huamin  |e verfasserin  |4 aut 
700 1 |a Hua, Gang  |e verfasserin  |4 aut 
700 1 |a Yu, Nenghai  |e verfasserin  |4 aut 
773 0 8 |i Enthalten in  |t IEEE transactions on pattern analysis and machine intelligence  |d 1979  |g 46(2024), 10 vom: 25. Okt., Seite 6985-6992  |w (DE-627)NLM098212257  |x 1939-3539  |7 nnas 
773 1 8 |g volume:46  |g year:2024  |g number:10  |g day:25  |g month:10  |g pages:6985-6992 
856 4 0 |u http://dx.doi.org/10.1109/TPAMI.2024.3381543  |3 Volltext 
912 |a GBV_USEFLAG_A 
912 |a SYSFLAG_A 
912 |a GBV_NLM 
912 |a GBV_ILN_350 
951 |a AR 
952 |d 46  |j 2024  |e 10  |b 25  |c 10  |h 6985-6992