|国家科技期刊平台
首页|期刊导航|计算机工程与科学|一种基于认证文件的双方验证模型水印方案

一种基于认证文件的双方验证模型水印方案OA北大核心CSTPCD

A dual-verification model watermarking scheme based on certification files

中文摘要英文摘要

随着边缘计算框架和联邦学习协议的结合,越来越多的深度学习模型版权保护工作被提出,但仅从发送方角度进行所有权验证,无法为接收方提供帮助.大量研究指出,在端-边-云联邦学习系统中,存在恶意用户试图无贡献获取公共模型,甚至向公共模型投毒,为此,有必要给接收方提供模型所有权验证方案.该研究在现有神经网络水印方案的基础上,提出了一种基于认证文件的双方验证模型水印方案,添加了认证文件生成步骤,并以模型结构调整实现双方对模型的所有权验证.通过实验验证了所提方案的可行性、鲁棒性以及获得的水印嵌入速度提升.

With the integration of edge computing frameworks and federated learning protocols,an increasing number of copyright protection methods for deep learning models have been proposed.How-ever,solely verifying ownership from the sender.s perspective does not provide assistance to the receiv-er.Numerous studies have indicated that in client-edge-cloud federated learning systems,malicious us-ers attempt to gain access to public models without contributing or even poison the public models.Therefore,it is necessary to provide a model ownership verification scheme for the receiver.Building upon existing neural network watermarking schemes,this paper proposes a dual-verification model watermarking scheme based on certification files.It introduces a certification file generation step and implements dual ownership verification of the model through adjustments in the model structure.The feasibility,robustness,and improvement in watermark embedding rate of the scheme are verified through experiments.

吴瑕;郑洪英;肖迪

重庆大学计算机学院,重庆 401331

计算机与自动化

边缘计算联邦学习深度神经网络模型版权保护数字水印

edge computingfederated learningdeep neural networkmodel copyright protectiondigital watermarking

《计算机工程与科学》 2024 (004)

兼顾图像数据隐私保护与可用性的压缩感知方法研究

647-656 / 10

国家自然科学基金(62072063)

10.3969/j.issn.1007-130X.2024.04.009

评论