TY - JOUR
T1 - A survey of fragile model watermarking
AU - Gao, Zhenzhe
AU - Cheng, Yu
AU - Yin, Zhaoxia
N1 - Publisher Copyright: © 2025 Elsevier B.V.
PY - 2026/1
Y1 - 2026/1
N2 - With the rapid development of artificial intelligence models and their widespread application across various sectors, the reliability of these models has become a critical concern. Model integrity is an essential factor for ensuring the reliability of AI models. However, several types of attacks threaten the integrity of models, such as backdoor attacks and poisoning attacks, which can lead to incorrect output. When these outputs are applied in critical areas like finance and national defense, they may pose significant risks to society. In traditional media, fragile watermarks protect content integrity. Combined with adversarial knowledge, this forms fragile model watermarking. This technique aims to safeguard model integrity by detecting tampering. Although fragile model watermarking has developed more recently than robust model copyright watermarking, it has seen rapid advancements in recent years. However, a comprehensive survey on fragile model watermarking has yet to be published. This paper provides the first comprehensive survey of fragile model watermarking, categorizing it based on the two stages of embedding and verification. It introduces the basic principles of various fragile watermarking algorithms, discussing in detail the characteristics, advantages, and limitations of these approaches. Finally, the paper presents future directions for the development of fragile model watermarking.
KW - Integrity protection
KW - Model fragile watermark
KW - Overview
KW - Survey
UR - https://www.scopus.com/pages/publications/105007598545
U2 - 10.1016/j.sigpro.2025.110088
DO - 10.1016/j.sigpro.2025.110088
M3 - Literature review
AN - SCOPUS:105007598545
SN - 0165-1684
VL - 238
JO - Signal Processing
JF - Signal Processing
M1 - 110088
ER -