Computer Engineering, 2026, Vol. 52, Issue 4: 22-38, 17. DOI: 10.19678/j.issn.1000-3428.0252743
Research on Watermarking Attack of Deep Neural Network Models
Abstract
Model intellectual property protection is an issue that cannot be ignored in model security. Watermarking technology, as the core means of model traceability, provides technical support for copyright verification by embedding special identifiers into model parameters or generated content. However, trained watermarked models can easily be copied and spread, which enables attackers to destroy or remove the watermarks embedded in Deep Neural Network (DNN) models using specific technical means such as fine-tuning, pruning, or adversarial sample attacks, making the verification of model ownership impossible. To gain a deeper understanding of model watermarking attack methods, this study begins by introducing model watermarking attacks and proceeds to classify these methods into two categories, white-box watermarking attacks and black-box watermarking attacks, based on the attacker's access rights to and information acquisition capabilities regarding the target model. It also sorts and analyzes the motives, hazards, attack principles, and specific implementation methods of DNN model watermarking attacks. Moreover, it compares and summarizes existing research on model watermarking attacks from the perspectives of attacker capabilities and performance impacts. Finally, it explores the potential positive roles of neural network model watermarking attacks in future research and provides suggestions for in-depth research in the fields of model security and intellectual property protection.
Keywords: deep learning; model security; watermarking technology; Artificial Intelligence (AI) security; copyright protection
Classification: Information Technology and Security Science
Cite this article: 王雯, 杨奎武, 仝松松, 魏江宏, 薛岩, 周荣魁. Research on Watermarking Attack of Deep Neural Network Models [J]. Computer Engineering, 2026, 52(4): 22-38, 17.
Funding: National Natural Science Foundation of China (62172434); Henan Province Higher Education Teaching Reform Research and Practice Project (2024SJGLX0095).