一种基于认证文件的双方验证模型水印方案OA北大核心CSTPCD

With the integration of edge computing frameworks and federated learning protocols,an increasing number of copyright protection methods for deep learning models have been proposed.How-ever,solely verifying ownership from the sender.s perspective does not provide assistance to the receiv-er.Numerous studies have indicated that in client-edge-cloud federated learning systems,malicious us-ers attempt to gain access to public models without contributing or even poison the public models.Therefore,it is necessary to provide a model ownership verification scheme for the receiver.Building upon existing neural network watermarking schemes,this paper proposes a dual-verification model watermarking scheme based on certification files.It introduces a certification file generation step and implements dual ownership verification of the model through adjustments in the model structure.The feasibility,robustness,and improvement in watermark embedding rate of the scheme are verified through experiments.