计算机工程与科学2024,Vol.46Issue(4):647-656,10.DOI:10.3969/j.issn.1007-130X.2024.04.009
一种基于认证文件的双方验证模型水印方案
A dual-verification model watermarking scheme based on certification files
摘要
Abstract
With the integration of edge computing frameworks and federated learning protocols,an increasing number of copyright protection methods for deep learning models have been proposed.How-ever,solely verifying ownership from the sender.s perspective does not provide assistance to the receiv-er.Numerous studies have indicated that in client-edge-cloud federated learning systems,malicious us-ers attempt to gain access to public models without contributing or even poison the public models.Therefore,it is necessary to provide a model ownership verification scheme for the receiver.Building upon existing neural network watermarking schemes,this paper proposes a dual-verification model watermarking scheme based on certification files.It introduces a certification file generation step and implements dual ownership verification of the model through adjustments in the model structure.The feasibility,robustness,and improvement in watermark embedding rate of the scheme are verified through experiments.关键词
边缘计算/联邦学习/深度神经网络/模型版权保护/数字水印Key words
edge computing/federated learning/deep neural network/model copyright protection/digital watermarking分类
计算机与自动化引用本文复制引用
吴瑕,郑洪英,肖迪..一种基于认证文件的双方验证模型水印方案[J].计算机工程与科学,2024,46(4):647-656,10.基金项目
国家自然科学基金(62072063) (62072063)
