重庆邮电大学学报(自然科学版)2024,Vol.36Issue(4):765-774,10.DOI:10.3979/j.issn.1673-825X.202308290285
融合内外部特征水印的模型保护方案
Model protection scheme for fusion of internal and external feature watermarks
摘要
Abstract
In response to the limitations of classical model watermarking techniques in protecting model ownership,such as poor robustness and low extraction rates,we propose a fusion watermarking model protection scheme that integrates the ad-vantages of white-box and black-box watermarking.A strategy is proposed to divide the dataset samples into benign sam-ples,style transfer samples,and key samples based on the size of Shannon entropy.The style transfer sample set is used to embed external features into the model,while the labels of key samples are used to embed internal features into the model.A binary classifier is trained,and a mask gradient descent method is employed to modify a minimal number of parameters to generate specific outputs for comprehensive judgment of model theft.Experimental results demonstrate that the proposed scheme ensures high fidelity of the watermark with less overhead.It exhibits high stability against attacks such as label que-rying and knowledge distillation,while also avoiding the risk of malicious detection.关键词
模型保护/融合水印/数据划分/特征嵌入Key words
model protection/fusion watermarking/data partitioning/feature embedding分类
计算机与自动化引用本文复制引用
彭维平,刘家宝,平源,马迪,宋成..融合内外部特征水印的模型保护方案[J].重庆邮电大学学报(自然科学版),2024,36(4):765-774,10.基金项目
河南省重点研发与推广专项(212102210084)The Key R&D and Promotion Program of Henan Province(212102210084) (212102210084)
