Deep Serial Number: Computational Watermark for DNN Intellectual Property Protection
Document Type
Conference Proceeding
Publication Date
1-1-2023
Abstract
In this paper, we present DSN (Deep Serial Number), a simple yet effective watermarking algorithm designed specifically for deep neural networks (DNNs). Unlike traditional methods that incorporate identification signals into DNNs, our approach explores a novel Intellectual Property (IP) protection mechanism for DNNs, effectively thwarting adversaries from using stolen networks. Inspired by the success of serial numbers in safeguarding conventional software IP, we propose the first implementation of serial number embedding within DNNs. To achieve this, DSN is integrated into a knowledge distillation framework, in which a private teacher DNN is initially trained. Subsequently, its knowledge is distilled and imparted to a series of customized student DNNs. Each customer DNN functions correctly only upon input of a valid serial number. Experimental results across various applications demonstrate DSN’s efficacy in preventing unauthorized usage without compromising the original DNN performance. The experiments further show that DSN is resistant to different categories of watermark attacks.
Identifier
85174435483 (Scopus)
ISBN
9783031434266
Publication Title
Lecture Notes in Computer Science Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics
External Full Text Location
https://doi.org/10.1007/978-3-031-43427-3_10
e-ISSN
16113349
ISSN
03029743
First Page
157
Last Page
173
Volume
14174 LNAI
Grant
CNS-1816497
Fund Ref
National Science Foundation
Recommended Citation
Tang, Ruixiang; Du, Mengnan; and Hu, Xia, "Deep Serial Number: Computational Watermark for DNN Intellectual Property Protection" (2023). Faculty Publications. 2100.
https://digitalcommons.njit.edu/fac_pubs/2100