NEURAL NETWORK FRAGILE WATERMARKING WITH NO MODEL PERFORMANCE DEGRADATION

Zhaoxia Yin; Heng Yin; Xinpeng Zhang

doi:10.1109/ICIP46576.2022.9897413

NEURAL NETWORK FRAGILE WATERMARKING WITH NO MODEL PERFORMANCE DEGRADATION

Zhaoxia Yin
, Heng Yin
, Xinpeng Zhang

School of Communication and Electronic Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

20 Scopus citations

Abstract

Deep neural networks are vulnerable to malicious fine-tuning attacks such as data poisoning and backdoor attacks. Therefore, in recent research, it is proposed how to detect malicious fine-tuning of neural network models. However, it usually negatively affects the performance of the protected model. Thus, we propose a novel neural network fragile watermarking with no model performance degradation. In the process of watermarking, we train a generative model with the specific loss function and secret key to generate triggers that are sensitive to the fine-tuning of the target classifier. In the process of verifying, we adopt the watermarked classifier to get labels of each fragile trigger. Then, malicious fine-tuning can be detected by comparing secret keys and labels. Experiments on classic datasets and classifiers show that the proposed method can effectively detect model malicious fine-tuning with no model performance degradation.

Original language	English
Title of host publication	2022 IEEE International Conference on Image Processing, ICIP 2022 - Proceedings
Publisher	IEEE Computer Society
Pages	3958-3962
Number of pages	5
ISBN (Electronic)	9781665496209
DOIs	https://doi.org/10.1109/ICIP46576.2022.9897413
State	Published - 2022
Event	29th IEEE International Conference on Image Processing, ICIP 2022 - Bordeaux, France Duration: 16 Oct 2022 → 19 Oct 2022

Publication series

Name	Proceedings - International Conference on Image Processing, ICIP
ISSN (Print)	1522-4880

Conference

Conference	29th IEEE International Conference on Image Processing, ICIP 2022
Country/Territory	France
City	Bordeaux
Period	16/10/22 → 19/10/22

Keywords

Backdoor attack
Fragile watermarking
Malicious tuning detection
Model integrity protection
Neural network

Access to Document

10.1109/ICIP46576.2022.9897413

Cite this

@inproceedings{ee9d383667e64a348dd4dcfa2054e0e7,

title = "NEURAL NETWORK FRAGILE WATERMARKING WITH NO MODEL PERFORMANCE DEGRADATION",

abstract = "Deep neural networks are vulnerable to malicious fine-tuning attacks such as data poisoning and backdoor attacks. Therefore, in recent research, it is proposed how to detect malicious fine-tuning of neural network models. However, it usually negatively affects the performance of the protected model. Thus, we propose a novel neural network fragile watermarking with no model performance degradation. In the process of watermarking, we train a generative model with the specific loss function and secret key to generate triggers that are sensitive to the fine-tuning of the target classifier. In the process of verifying, we adopt the watermarked classifier to get labels of each fragile trigger. Then, malicious fine-tuning can be detected by comparing secret keys and labels. Experiments on classic datasets and classifiers show that the proposed method can effectively detect model malicious fine-tuning with no model performance degradation.",

keywords = "Backdoor attack, Fragile watermarking, Malicious tuning detection, Model integrity protection, Neural network",

author = "Zhaoxia Yin and Heng Yin and Xinpeng Zhang",

note = "Publisher Copyright: {\textcopyright} 2022 IEEE.; 29th IEEE International Conference on Image Processing, ICIP 2022 ; Conference date: 16-10-2022 Through 19-10-2022",

year = "2022",

doi = "10.1109/ICIP46576.2022.9897413",

language = "英语",

series = "Proceedings - International Conference on Image Processing, ICIP",

publisher = "IEEE Computer Society",

pages = "3958--3962",

booktitle = "2022 IEEE International Conference on Image Processing, ICIP 2022 - Proceedings",

address = "美国",

}

Yin, Z, Yin, H & Zhang, X 2022, NEURAL NETWORK FRAGILE WATERMARKING WITH NO MODEL PERFORMANCE DEGRADATION. in 2022 IEEE International Conference on Image Processing, ICIP 2022 - Proceedings. Proceedings - International Conference on Image Processing, ICIP, IEEE Computer Society, pp. 3958-3962, 29th IEEE International Conference on Image Processing, ICIP 2022, Bordeaux, France, 16/10/22. https://doi.org/10.1109/ICIP46576.2022.9897413

NEURAL NETWORK FRAGILE WATERMARKING WITH NO MODEL PERFORMANCE DEGRADATION. / Yin, Zhaoxia; Yin, Heng; Zhang, Xinpeng.
2022 IEEE International Conference on Image Processing, ICIP 2022 - Proceedings. IEEE Computer Society, 2022. p. 3958-3962 (Proceedings - International Conference on Image Processing, ICIP).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - NEURAL NETWORK FRAGILE WATERMARKING WITH NO MODEL PERFORMANCE DEGRADATION

AU - Yin, Zhaoxia

AU - Yin, Heng

AU - Zhang, Xinpeng

PY - 2022

Y1 - 2022

N2 - Deep neural networks are vulnerable to malicious fine-tuning attacks such as data poisoning and backdoor attacks. Therefore, in recent research, it is proposed how to detect malicious fine-tuning of neural network models. However, it usually negatively affects the performance of the protected model. Thus, we propose a novel neural network fragile watermarking with no model performance degradation. In the process of watermarking, we train a generative model with the specific loss function and secret key to generate triggers that are sensitive to the fine-tuning of the target classifier. In the process of verifying, we adopt the watermarked classifier to get labels of each fragile trigger. Then, malicious fine-tuning can be detected by comparing secret keys and labels. Experiments on classic datasets and classifiers show that the proposed method can effectively detect model malicious fine-tuning with no model performance degradation.

AB - Deep neural networks are vulnerable to malicious fine-tuning attacks such as data poisoning and backdoor attacks. Therefore, in recent research, it is proposed how to detect malicious fine-tuning of neural network models. However, it usually negatively affects the performance of the protected model. Thus, we propose a novel neural network fragile watermarking with no model performance degradation. In the process of watermarking, we train a generative model with the specific loss function and secret key to generate triggers that are sensitive to the fine-tuning of the target classifier. In the process of verifying, we adopt the watermarked classifier to get labels of each fragile trigger. Then, malicious fine-tuning can be detected by comparing secret keys and labels. Experiments on classic datasets and classifiers show that the proposed method can effectively detect model malicious fine-tuning with no model performance degradation.

KW - Backdoor attack

KW - Fragile watermarking

KW - Malicious tuning detection

KW - Model integrity protection

KW - Neural network

UR - https://www.scopus.com/pages/publications/85146623390

U2 - 10.1109/ICIP46576.2022.9897413

DO - 10.1109/ICIP46576.2022.9897413

M3 - 会议稿件

AN - SCOPUS:85146623390

T3 - Proceedings - International Conference on Image Processing, ICIP

SP - 3958

EP - 3962

BT - 2022 IEEE International Conference on Image Processing, ICIP 2022 - Proceedings

PB - IEEE Computer Society

T2 - 29th IEEE International Conference on Image Processing, ICIP 2022

Y2 - 16 October 2022 through 19 October 2022

ER -

NEURAL NETWORK FRAGILE WATERMARKING WITH NO MODEL PERFORMANCE DEGRADATION

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this