A survey of deep neural network watermarking techniques
Based on: https://arxiv.org/pdf/2103.09274.pdf
Original Authors: Yue Li, Hongxia Wang, and Mauro Barni
Date Published: 16 Mar 2021
Introduction
What is watermarking in general?
In digital watermarking, a low-amplitude, potentially pseudorandom signal
is injected into the original document. The signal is designed to exploit
some form of redundancy in the document's content, so that it can be added
easily without degrading that content.
Why is a watermark needed?
Watermarks serve to protect content and to claim ownership of an asset.
Without watermarks, valuable digital assets are vulnerable to content theft
or unauthorized use and distribution.
Why Deep Neural Network (DNN) watermarking?
- Deep learning models are becoming more popular because of their human-like
capabilities and, for the same reason, are deployed and shared widely.
- Training a deep learning model is a non-trivial task that requires huge
amounts of proprietary data and expends enormous computing, energy, and human
expertise.
- DNNs should be protected from unauthorised commercialization and
monetization of the models.
How is a watermark embedded in a DNN?
- DNNs have enough degrees of freedom to encode additional information because
they have a substantial number of parameters.
- This doesn’t impede the primary task the DNN is handling.
- Embedding takes place in the training phase by properly altering the loss
function.
- The impact is measurable from the performance achieved by the watermarked
model.
Requirements for DNN watermarking
Capacity: Refers to the number of bits encoded by the watermark. Although a
large payload is desirable for a watermarking algorithm, it conflicts
directly with robustness.
Fidelity: Models containing watermarks should achieve performance levels
similar to those of models trained without watermarks.
Robustness: Ability to extract the watermark correctly even when the
watermarked model has been modified. The two most common manipulations a DNN
watermark must withstand are:
● Fine-tuning: re-training a model to solve a new task, which alters the weights.
● Network pruning: simplifying a complex neural network model for
deployment on low-power or computationally weak devices.
Trade-off triangle
Other requirements
Security: There are two main kinds of intentional attacks:
● Watermark overwriting: an additional watermark is added to the model in
order to render the original watermark unnoticeable.
● Surrogate model attack: an attacker feeds the original network a series of
inputs and uses the resulting outputs to train a bogus network that mimics the
original network's functionality.
Generality: DNN watermarking algorithms should be adaptable to a range of
architectures carrying out a variety of tasks.
Efficiency: Refers to the computational overhead of training the DNN on the
task while simultaneously embedding the watermark.
DNN watermarking models - I
Multi-bit vs. zero-bit watermarking techniques
- Based on the exact content of the watermark
message
- When the watermark message is multi-bit, it
corresponds to a sequence of N bits
- When zero-bit is used, watermark extraction is
carried out as a detection task, wherein the
detector should determine the presence of a
known watermark.
Multibit (a) vs zero-bit (b) watermarking
DNN watermarking models - II
Static vs. dynamic DNN watermarking
- Based on where the watermark can be read from.
Static watermarking: The watermark can be read directly from the
network weights, which can be considered similar to conventional
multimedia watermarking techniques.
Dynamic watermarking: When fed with some crafted inputs, a dynamic
watermark can alter the behavior of the network, which makes the
watermark message visible in the model output
Static (a) vs Dynamic (b) DNN watermarking
DNN watermarking models - III
White-box vs. black-box DNN extraction
- Based on the data accessible to the watermark extractor
White-Box: When internal parameters/weights of the DNN models are available, watermark
recovery is undertaken in a white-box mode. This can be static or dynamic watermarking.
Black-box: When using black-box watermarking, only the final output of the DNN is accessible.
● A watermark can be recovered by querying the model and comparing the model output to a
set of correctly chosen inputs.
● During the entire decoding or detection process, both the model architecture and internal
parameters are completely invisible to the decoder.
● This means black-box recovery can only be achieved with dynamic watermarking.
White-box (a) vs black-box (b) DNN watermark recovery
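The black-box, zero-bit detection described above reduces to a statistical decision: how many key inputs must a suspect model answer with the key labels before the match cannot be chance? The following is an added example, not code from the slides or the surveyed papers; the trigger set, both toy models, the function names and the significance level `alpha` are constructed assumptions.

```python
import hashlib
import math
import random

def binomial_tail(n, k, p):
    """P[X >= k] for X ~ Binomial(n, p)."""
    return sum(math.comb(n, i) * p**i * (1 - p)**(n - i) for i in range(k, n + 1))

def min_matches(n, p, alpha):
    """Smallest number of key matches whose chance probability is below alpha."""
    for k in range(n + 1):
        if binomial_tail(n, k, p) < alpha:
            return k
    return None  # the key set is too small to ever reach this confidence

def make_trigger_set(n, n_classes, seed):
    """Constructed key: random inputs paired with uniformly random labels."""
    rng = random.Random(seed)
    return [(bytes(rng.getrandbits(8) for _ in range(16)), rng.randrange(n_classes))
            for _ in range(n)]

def unrelated_label(x, n_classes):
    """Stand-in for a model that never saw the key: hash-derived label."""
    return int.from_bytes(hashlib.sha256(x).digest()[:4], "big") % n_classes

def make_suspect_model(trigger_set, forgotten, n_classes):
    """Toy model that memorised the key pairs, except the indices in
    `forgotten`, which model damage from fine-tuning or pruning."""
    memory = {}
    for i, (x, y) in enumerate(trigger_set):
        memory[x] = (y + 1) % n_classes if i in forgotten else y
    def query(x):
        return memory.get(x, unrelated_label(x, n_classes))
    return query

def verify(query, trigger_set, n_classes, alpha=1e-6):
    """Black-box detection: only the model's outputs are inspected."""
    matches = sum(query(x) == y for x, y in trigger_set)
    # Null hypothesis: an unrelated model hits a random label with prob 1/C.
    p_value = binomial_tail(len(trigger_set), matches, 1.0 / n_classes)
    return {"matches": matches, "p_value": p_value,
            "watermark_detected": p_value < alpha}

def run_blackbox_demo():
    n_classes = 10
    triggers = make_trigger_set(30, n_classes, seed=2021)
    suspect = make_suspect_model(triggers, {3, 11, 19, 27}, n_classes)
    independent = lambda x: unrelated_label(x, n_classes)
    return {
        "threshold": min_matches(len(triggers), 1.0 / n_classes, 1e-6),
        "suspect": verify(suspect, triggers, n_classes),
        "independent": verify(independent, triggers, n_classes),
    }

if __name__ == "__main__":
    for name, result in run_blackbox_demo().items():
        print(name, result)
```
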
Static Watermarking algorithms
| Algorithm | White/Black box | Multi/Zero bit | Methodology | Robustness and Security |
|---|---|---|---|---|
| Uchida et al. | White | Multi | In the loss function, a regularization term is added so the watermark is embedded into the model weights. | Moderate against fine-tuning and pruning. |
| Li et al | White | Multi | As Uchida’s scheme with ST-DM-like regularization term. | Moderate against fine-tuning and pruning. |
| DeepMarks | White | Multi | As Uchida’s scheme with anti-collusion codebooks. | Moderate against fine-tuning and pruning, Collusion attack. |
| Tartaglione et al. | White | Zero | Weights with watermarks remain frozen during training. In the loss function, the sensitivity of the network is maximized to changes in watermarked weights. | Good robustness against fine-tuning and weights quantization. |
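To make the "regularization term in the loss function" row concrete, here is an added example (not code from the slides or from the surveyed papers) that embeds and extracts a multi-bit white-box watermark in the style of Uchida et al., using binary cross-entropy on a secret random projection of the weights. The toy linear task, sizes, seeds, hyperparameters and function names are constructed assumptions.

```python
import math
import random

def dot(a, b):
    return sum(x * y for x, y in zip(a, b))

def sigmoid(z):
    z = max(-60.0, min(60.0, z))  # clamp so exp() stays in range
    return 1.0 / (1.0 + math.exp(-z))

def make_key(n_bits, n_weights, seed):
    """Owner's secret: projection matrix X and the watermark bits."""
    rng = random.Random(seed)
    X = [[rng.gauss(0, 1) for _ in range(n_weights)] for _ in range(n_bits)]
    bits = [rng.randint(0, 1) for _ in range(n_bits)]
    return X, bits

def make_task(n_samples, n_weights, seed):
    """Constructed primary task: linear regression with more weights than
    samples, so there are spare degrees of freedom to carry the watermark."""
    rng = random.Random(seed)
    w_true = [rng.gauss(0, 0.3) for _ in range(n_weights)]
    inputs = [[rng.gauss(0, 1) for _ in range(n_weights)] for _ in range(n_samples)]
    return [(x, dot(w_true, x)) for x in inputs]

def task_loss(w, data):
    return sum((dot(w, x) - y) ** 2 for x, y in data) / len(data)

def train(data, n_weights, key=None, lam=0.5, lr=0.02, epochs=1500, seed=1):
    """Gradient descent on E = E_task + lam * E_wm; E_wm is used only with a key."""
    rng = random.Random(seed)
    w = [rng.gauss(0, 0.1) for _ in range(n_weights)]
    for _ in range(epochs):
        grad = [0.0] * n_weights
        for x, y in data:  # gradient of the mean squared error
            c = 2.0 * (dot(w, x) - y) / len(data)
            for i, xi in enumerate(x):
                grad[i] += c * xi
        if key is not None:
            X, bits = key
            for row, b in zip(X, bits):
                # E_wm = sum_j BCE(b_j, sigmoid(X_j . w)),
                # so dE_wm/dw = (sigmoid(X_j . w) - b_j) * X_j
                c = lam * (sigmoid(dot(row, w)) - b)
                for i, xi in enumerate(row):
                    grad[i] += c * xi
        w = [wi - lr * g for wi, g in zip(w, grad)]
    return w

def extract(w, X):
    """White-box extraction: bit j is 1 when the projection X_j . w is positive."""
    return [1 if dot(row, w) > 0 else 0 for row in X]

def bit_error_rate(found, expected):
    return sum(f != e for f, e in zip(found, expected)) / len(expected)

def prune(w, fraction):
    """Magnitude pruning: zero the given fraction of smallest-magnitude weights."""
    k = int(len(w) * fraction)
    pruned = list(w)
    for i in sorted(range(len(w)), key=lambda i: abs(w[i]))[:k]:
        pruned[i] = 0.0
    return pruned

def run_static_demo():
    n_weights, n_bits = 64, 16
    data = make_task(20, n_weights, seed=7)
    X, bits = make_key(n_bits, n_weights, seed=42)
    plain = train(data, n_weights)                   # no watermark
    marked = train(data, n_weights, key=(X, bits))   # watermark embedded
    return {
        "loss_plain": task_loss(plain, data),        # fidelity baseline
        "loss_marked": task_loss(marked, data),      # fidelity with watermark
        "ber_marked": bit_error_rate(extract(marked, X), bits),
        "ber_pruned": bit_error_rate(extract(prune(marked, 0.25), X), bits),
        "ber_plain": bit_error_rate(extract(plain, X), bits),
    }

if __name__ == "__main__":
    for name, value in run_static_demo().items():
        print(f"{name}: {value:.4f}")
```
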
Dynamic watermarking algorithms
| Algorithm | White/Black box | Multi/Zero bit | Methodology | Robustness and Security |
|---|---|---|---|---|
| DeepSigns (Activation map) | White | Multi | Adds arbitrary N-bit string to the probability density function of activation maps. | Moderate against fine-tuning and pruning. |
| DeepSigns (Output layer) | Black | Zero | Build key image-label pairs from random selected images. | Moderate against fine-tuning, pruning and overwriting. |
| Yossi et al | Black | Zero | Inject a backdoor by selecting random images into the target model. | Moderate against fine-tuning |
| Szyller et al. | Black | Zero | Installed at the input and output of the target model's API, embeds dynamic watermarks in responses to queries made by the client. | Regular surrogate model attack |
| Merrer et al. | Black | Zero | Adversarial attacks can be used to adjust the decision boundary of the target model. | Parameter pruning, Overwriting via adversarial fine-tuning. |
| Zhang et al. | Black | Zero | Visible triggering patterns with backdoor-like mechanisms. | Model fine-tuning, Parameter pruning, Model inversion attack. |
| Guo et al. | Black | Zero | Invisible triggering patterns with backdoor-like mechanisms. | Model fine-tuning |
Attacks on DNN Watermarking
● The attackers can take advantage of the observation that watermark
embedding increases the variance of the weights, making it possible to
distinguish a watermarked model from a non-watermarked one.
● Also, the standard deviation of the weights increases linearly with the
watermark dimension, allowing the attacker to estimate the length of the
watermark or tell if it is present.
● This information is then used to replace the existing watermark with a new
one, making the original watermark unreadable.
Conclusion
- DNN watermarking is immune to vulnerabilities in the same way that any other
watermarking solution is.
- Challenge in providing robustness against:
● Fine-tuning
● Model-pruning
● Transfer learning.
- DNNs are becoming increasingly popular because of their human-like capabilities.
Considering the resources invested in making them, it is important that these
advancements be protected, and from our reading we can be quite confident that
watermarking is one of the reliable ways to achieve this goal.
Thank you!

More Related Content

What's hot

Deep belief network.pptx
Deep belief network.pptxDeep belief network.pptx
Deep belief network.pptxSushilAcharya18
 
IT6005 digital image processing question bank
IT6005   digital image processing question bankIT6005   digital image processing question bank
IT6005 digital image processing question bankGayathri Krishnamoorthy
 
Deep Learning - Overview of my work II
Deep Learning - Overview of my work IIDeep Learning - Overview of my work II
Deep Learning - Overview of my work IIMohamed Loey
 
Overfitting & Underfitting
Overfitting & UnderfittingOverfitting & Underfitting
Overfitting & UnderfittingSOUMIT KAR
 
Deep neural networks
Deep neural networksDeep neural networks
Deep neural networksSi Haem
 
Autoencoder
AutoencoderAutoencoder
AutoencoderHARISH R
 
Generative adversarial networks
Generative adversarial networksGenerative adversarial networks
Generative adversarial networks남주 김
 
Regularization in deep learning
Regularization in deep learningRegularization in deep learning
Regularization in deep learningKien Le
 
Convolutional Neural Network Models - Deep Learning
Convolutional Neural Network Models - Deep LearningConvolutional Neural Network Models - Deep Learning
Convolutional Neural Network Models - Deep LearningMohamed Loey
 
Image classification with Deep Neural Networks
Image classification with Deep Neural NetworksImage classification with Deep Neural Networks
Image classification with Deep Neural NetworksYogendra Tamang
 
Artificial Neural Network | Deep Neural Network Explained | Artificial Neural...
Artificial Neural Network | Deep Neural Network Explained | Artificial Neural...Artificial Neural Network | Deep Neural Network Explained | Artificial Neural...
Artificial Neural Network | Deep Neural Network Explained | Artificial Neural...Simplilearn
 
(2017/06)Practical points of deep learning for medical imaging
(2017/06)Practical points of deep learning for medical imaging(2017/06)Practical points of deep learning for medical imaging
(2017/06)Practical points of deep learning for medical imagingKyuhwan Jung
 
Transformers In Vision From Zero to Hero (DLI).pptx
Transformers In Vision From Zero to Hero (DLI).pptxTransformers In Vision From Zero to Hero (DLI).pptx
Transformers In Vision From Zero to Hero (DLI).pptxDeep Learning Italia
 
Convolutional Neural Networks (CNN)
Convolutional Neural Networks (CNN)Convolutional Neural Networks (CNN)
Convolutional Neural Networks (CNN)Gaurav Mittal
 
Pattern Recognition
Pattern RecognitionPattern Recognition
Pattern RecognitionMaaz Hasan
 

What's hot (20)

Deep belief network.pptx
Deep belief network.pptxDeep belief network.pptx
Deep belief network.pptx
 
IT6005 digital image processing question bank
IT6005   digital image processing question bankIT6005   digital image processing question bank
IT6005 digital image processing question bank
 
Deep Learning - Overview of my work II
Deep Learning - Overview of my work IIDeep Learning - Overview of my work II
Deep Learning - Overview of my work II
 
Overfitting & Underfitting
Overfitting & UnderfittingOverfitting & Underfitting
Overfitting & Underfitting
 
Deep neural networks
Deep neural networksDeep neural networks
Deep neural networks
 
What is word2vec?
What is word2vec?What is word2vec?
What is word2vec?
 
Autoencoder
AutoencoderAutoencoder
Autoencoder
 
Generative adversarial networks
Generative adversarial networksGenerative adversarial networks
Generative adversarial networks
 
Regularization in deep learning
Regularization in deep learningRegularization in deep learning
Regularization in deep learning
 
Convolutional Neural Network Models - Deep Learning
Convolutional Neural Network Models - Deep LearningConvolutional Neural Network Models - Deep Learning
Convolutional Neural Network Models - Deep Learning
 
Digital Watermarking
Digital WatermarkingDigital Watermarking
Digital Watermarking
 
PPT steganography
PPT steganographyPPT steganography
PPT steganography
 
Neural style transfer
Neural style transferNeural style transfer
Neural style transfer
 
Image classification with Deep Neural Networks
Image classification with Deep Neural NetworksImage classification with Deep Neural Networks
Image classification with Deep Neural Networks
 
Artificial Neural Network | Deep Neural Network Explained | Artificial Neural...
Artificial Neural Network | Deep Neural Network Explained | Artificial Neural...Artificial Neural Network | Deep Neural Network Explained | Artificial Neural...
Artificial Neural Network | Deep Neural Network Explained | Artificial Neural...
 
(2017/06)Practical points of deep learning for medical imaging
(2017/06)Practical points of deep learning for medical imaging(2017/06)Practical points of deep learning for medical imaging
(2017/06)Practical points of deep learning for medical imaging
 
Transformers In Vision From Zero to Hero (DLI).pptx
Transformers In Vision From Zero to Hero (DLI).pptxTransformers In Vision From Zero to Hero (DLI).pptx
Transformers In Vision From Zero to Hero (DLI).pptx
 
Convolutional Neural Networks (CNN)
Convolutional Neural Networks (CNN)Convolutional Neural Networks (CNN)
Convolutional Neural Networks (CNN)
 
GAN Evaluation
GAN EvaluationGAN Evaluation
GAN Evaluation
 
Pattern Recognition
Pattern RecognitionPattern Recognition
Pattern Recognition
 

Similar to Survey on Deep Neural Network Watermarking techniques

Ijri ece-01-01 joint data hiding and compression based on saliency and smvq
Ijri ece-01-01 joint data hiding and compression based on saliency and smvqIjri ece-01-01 joint data hiding and compression based on saliency and smvq
Ijri ece-01-01 joint data hiding and compression based on saliency and smvqIjripublishers Ijri
 
Digital water marking
Digital water markingDigital water marking
Digital water markingMd Aktar
 
DIRECTIONAL BASED WATERMARKING SCHEME USING A NOVEL DATA EMBEDDING APPROACH
DIRECTIONAL BASED WATERMARKING SCHEME USING A NOVEL DATA EMBEDDING APPROACH DIRECTIONAL BASED WATERMARKING SCHEME USING A NOVEL DATA EMBEDDING APPROACH
DIRECTIONAL BASED WATERMARKING SCHEME USING A NOVEL DATA EMBEDDING APPROACH acijjournal
 
A New Technique to Digital Image Watermarking Using DWT for Real Time Applica...
A New Technique to Digital Image Watermarking Using DWT for Real Time Applica...A New Technique to Digital Image Watermarking Using DWT for Real Time Applica...
A New Technique to Digital Image Watermarking Using DWT for Real Time Applica...IJERA Editor
 
User Behavior Analytics Using Machine Learning
User Behavior Analytics Using Machine LearningUser Behavior Analytics Using Machine Learning
User Behavior Analytics Using Machine LearningDNIF
 
IRJET-Security Based Data Transfer and Privacy Storage through Watermark Dete...
IRJET-Security Based Data Transfer and Privacy Storage through Watermark Dete...IRJET-Security Based Data Transfer and Privacy Storage through Watermark Dete...
IRJET-Security Based Data Transfer and Privacy Storage through Watermark Dete...IRJET Journal
 
Comparison of Invisible Digital Watermarking Techniques for its Robustness
Comparison of Invisible Digital Watermarking Techniques for its RobustnessComparison of Invisible Digital Watermarking Techniques for its Robustness
Comparison of Invisible Digital Watermarking Techniques for its RobustnessIRJET Journal
 
CAR DAMAGE DETECTION USING DEEP LEARNING
CAR DAMAGE DETECTION USING DEEP LEARNINGCAR DAMAGE DETECTION USING DEEP LEARNING
CAR DAMAGE DETECTION USING DEEP LEARNINGIRJET Journal
 
A Robust Watermarking Technique Based On Dwt on Digital Images
A Robust Watermarking Technique Based On Dwt on Digital  ImagesA Robust Watermarking Technique Based On Dwt on Digital  Images
A Robust Watermarking Technique Based On Dwt on Digital ImagesIJMER
 
An Overview of Visual Cryptography based Video Watermarking Schemes: Techniqu...
An Overview of Visual Cryptography based Video Watermarking Schemes: Techniqu...An Overview of Visual Cryptography based Video Watermarking Schemes: Techniqu...
An Overview of Visual Cryptography based Video Watermarking Schemes: Techniqu...idescitation
 
Self Attested Images for Secured Transactions using Superior SOM
Self Attested Images for Secured Transactions using Superior SOMSelf Attested Images for Secured Transactions using Superior SOM
Self Attested Images for Secured Transactions using Superior SOMIDES Editor
 
A Review of BSS Based Digital Image Watermarking and Extraction Methods
A Review of BSS Based Digital Image Watermarking and Extraction MethodsA Review of BSS Based Digital Image Watermarking and Extraction Methods
A Review of BSS Based Digital Image Watermarking and Extraction MethodsIOSR Journals
 
A Review of BSS Based Digital Image Watermarking and Extraction Methods
A Review of BSS Based Digital Image Watermarking and Extraction MethodsA Review of BSS Based Digital Image Watermarking and Extraction Methods
A Review of BSS Based Digital Image Watermarking and Extraction MethodsIOSR Journals
 
Literature Review on DDOS Attacks Detection Using SVM algorithm.
Literature Review on DDOS Attacks Detection Using SVM algorithm.Literature Review on DDOS Attacks Detection Using SVM algorithm.
Literature Review on DDOS Attacks Detection Using SVM algorithm.IRJET Journal
 

Similar to Survey on Deep Neural Network Watermarking techniques (20)

Ijri ece-01-01 joint data hiding and compression based on saliency and smvq
Ijri ece-01-01 joint data hiding and compression based on saliency and smvqIjri ece-01-01 joint data hiding and compression based on saliency and smvq
Ijri ece-01-01 joint data hiding and compression based on saliency and smvq
 
Digital water marking
Digital water markingDigital water marking
Digital water marking
 
Jq3417501753
Jq3417501753Jq3417501753
Jq3417501753
 
DIRECTIONAL BASED WATERMARKING SCHEME USING A NOVEL DATA EMBEDDING APPROACH
DIRECTIONAL BASED WATERMARKING SCHEME USING A NOVEL DATA EMBEDDING APPROACH DIRECTIONAL BASED WATERMARKING SCHEME USING A NOVEL DATA EMBEDDING APPROACH
DIRECTIONAL BASED WATERMARKING SCHEME USING A NOVEL DATA EMBEDDING APPROACH
 
A New Technique to Digital Image Watermarking Using DWT for Real Time Applica...
A New Technique to Digital Image Watermarking Using DWT for Real Time Applica...A New Technique to Digital Image Watermarking Using DWT for Real Time Applica...
A New Technique to Digital Image Watermarking Using DWT for Real Time Applica...
 
User Behavior Analytics Using Machine Learning
User Behavior Analytics Using Machine LearningUser Behavior Analytics Using Machine Learning
User Behavior Analytics Using Machine Learning
 
IRJET-Security Based Data Transfer and Privacy Storage through Watermark Dete...
IRJET-Security Based Data Transfer and Privacy Storage through Watermark Dete...IRJET-Security Based Data Transfer and Privacy Storage through Watermark Dete...
IRJET-Security Based Data Transfer and Privacy Storage through Watermark Dete...
 
Ki2417591763
Ki2417591763Ki2417591763
Ki2417591763
 
Comparison of Invisible Digital Watermarking Techniques for its Robustness
Comparison of Invisible Digital Watermarking Techniques for its RobustnessComparison of Invisible Digital Watermarking Techniques for its Robustness
Comparison of Invisible Digital Watermarking Techniques for its Robustness
 
Iw2415551560
Iw2415551560Iw2415551560
Iw2415551560
 
Dz31840846
Dz31840846Dz31840846
Dz31840846
 
CAR DAMAGE DETECTION USING DEEP LEARNING
CAR DAMAGE DETECTION USING DEEP LEARNINGCAR DAMAGE DETECTION USING DEEP LEARNING
CAR DAMAGE DETECTION USING DEEP LEARNING
 
A Robust Watermarking Technique Based On Dwt on Digital Images
A Robust Watermarking Technique Based On Dwt on Digital  ImagesA Robust Watermarking Technique Based On Dwt on Digital  Images
A Robust Watermarking Technique Based On Dwt on Digital Images
 
An Overview of Visual Cryptography based Video Watermarking Schemes: Techniqu...
An Overview of Visual Cryptography based Video Watermarking Schemes: Techniqu...An Overview of Visual Cryptography based Video Watermarking Schemes: Techniqu...
An Overview of Visual Cryptography based Video Watermarking Schemes: Techniqu...
 
Self Attested Images for Secured Transactions using Superior SOM
Self Attested Images for Secured Transactions using Superior SOMSelf Attested Images for Secured Transactions using Superior SOM
Self Attested Images for Secured Transactions using Superior SOM
 
[IJET V2I4P2] Authors:Damanbir Singh, Guneet Kaur
[IJET V2I4P2] Authors:Damanbir Singh, Guneet Kaur[IJET V2I4P2] Authors:Damanbir Singh, Guneet Kaur
[IJET V2I4P2] Authors:Damanbir Singh, Guneet Kaur
 
ieee title
ieee titleieee title
ieee title
 
A Review of BSS Based Digital Image Watermarking and Extraction Methods
A Review of BSS Based Digital Image Watermarking and Extraction MethodsA Review of BSS Based Digital Image Watermarking and Extraction Methods
A Review of BSS Based Digital Image Watermarking and Extraction Methods
 
A Review of BSS Based Digital Image Watermarking and Extraction Methods
A Review of BSS Based Digital Image Watermarking and Extraction MethodsA Review of BSS Based Digital Image Watermarking and Extraction Methods
A Review of BSS Based Digital Image Watermarking and Extraction Methods
 
Literature Review on DDOS Attacks Detection Using SVM algorithm.
Literature Review on DDOS Attacks Detection Using SVM algorithm.Literature Review on DDOS Attacks Detection Using SVM algorithm.
Literature Review on DDOS Attacks Detection Using SVM algorithm.
 

Recently uploaded

AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 

Recently uploaded (20)

AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 

Survey on Deep Neural Network Watermarking techniques

  • 1. A survey of deep neural network watermarking techniques Based on: https://arxiv.org/pdf/2103.09274.pdf Original Authors: Yue Lia, Hongxia Wangb, and Mauro Barnic Date Published: 16 Mar 2021
  • 2. Introduction What is watermarking in general? In digital watermarking, a low-amplitude, potentially pseudorandom, signal is injected into the original document. Signals in this document are intended to exploit some sort of redundancy in the content of the document and that can be added easily without butchering the content of the document. Why watermark is needed? Watermarks serve to protect content and to claim ownership of an asset. Without watermarks, valuable digital assets are vulnerable to content theft or unauthorized use and distributions.
  • 3. Why Deep Neural Network (DNN) watermarking?
      - Deep learning models are becoming more popular because of their human-like capabilities and, for the same reason, are deployed and shared widely.
      - Training a deep learning model is a non-trivial task that requires huge amounts of proprietary data and expends enormous computing resources, energy, and human expertise.
      - DNNs should be protected from unauthorised commercialization and monetization of the models.
  • 4. How is a watermark embedded in a DNN?
      - DNNs have the degrees of freedom to encode additional information because they have a substantial number of parameters.
      - This doesn’t impede the primary task the DNN is handling.
      - Embedding takes place in the training phase by properly altering the loss function.
      - The impact is measurable from the performance achieved by the watermarked model.
  • 5. Requirements for DNN watermarking
      Capacity: Refers to the number of bits encoded by the watermark. Although a large payload is desirable for a watermarking algorithm, it conflicts directly with robustness.
      Fidelity: Models containing watermarks should achieve performance levels similar to those of models trained without watermarks.
      Robustness: Ability to extract the watermark correctly even when the model has been modified. The two most common manipulations a DNN watermark must withstand are:
      ● Fine-tuning: re-training a model to solve a new task, which alters the weights.
      ● Network pruning: simplifying a complex neural network model for deployment on low-power or computationally weak devices.
      Figure: Trade-off triangle
  • 6. Other requirements
      Security: There are two main kinds of intentional attacks:
      ● Watermark overwriting: an additional watermark is added to the model in order to render the original watermark unnoticeable.
      ● Surrogate model attack: an attacker feeds the original network a series of inputs and uses its outputs to train a surrogate network that mimics the original network's functionality.
      Generality: DNN watermarking algorithms should be adaptable to a range of architectures carrying out a variety of tasks.
      Efficiency: The computational overhead of training the DNN on the task while simultaneously embedding the watermark.
  • 7. DNN watermarking models - I
      Multi-bit vs. zero-bit watermarking techniques
      - Based on the exact content of the watermark message.
      - When the watermark message is multi-bit, it corresponds to a sequence of N bits.
      - When zero-bit is used, watermark extraction is carried out as a detection task, wherein the detector determines whether a known watermark is present.
      Figure: Multi-bit (a) vs zero-bit (b) watermarking
  • 8. DNN watermarking models - II
      Static vs. dynamic DNN watermarking
      - Based on where the watermark can be read from.
      Static watermarking: The watermark can be read directly from the network weights, which makes it similar to conventional multimedia watermarking techniques.
      Dynamic watermarking: When the network is fed some crafted inputs, a dynamic watermark alters the behavior of the network, which makes the watermark message visible in the model output.
  • 9. Static vs. dynamic DNN watermarking
      Figure: Static (a) vs dynamic (b) DNN watermarking
  • 10. DNN watermarking models - III
      White-box vs. black-box DNN extraction
      - Based on the data accessible to the watermark extractor.
      White-box: When the internal parameters/weights of the DNN model are available, watermark recovery is undertaken in a white-box mode. This can be static or dynamic watermarking.
      Black-box: With black-box watermarking, only the final output of the DNN is accessible.
      ● A watermark can be recovered by querying the model and checking the model output for a set of properly chosen inputs.
      ● During the entire decoding or detection process, both the model architecture and internal parameters are completely invisible to the decoder.
      ● This means black-box recovery can be achieved only by dynamic watermarking.
  • 11. White-box vs. black-box DNN extraction
      Figure: White-box (a) vs black-box (b) DNN watermark recovery
  • 12. Static Watermarking algorithms
      Algorithm | White/Black box | Multi/Zero bit | Methodology | Robustness and Security
      Uchida et al. | White | Multi | In the loss function, a regularization term is added so the watermark is embedded into the model weights. | Moderate against fine-tuning and pruning.
      Li et al | White | Multi | As Uchida’s scheme with ST-DM-like regularization term. | Moderate against fine-tuning and pruning.
      DeepMarks | White | Multi | As Uchida’s scheme with anti-collusion codebooks. | Moderate against fine-tuning and pruning, Collusion attack.
      Tartaglione et al. | White | Zero | Weights with watermarks remain frozen during training. In the loss function, the sensitivity of the network is maximized to changes in watermarked weights. | Good robustness against fine-tuning and weights quantization.
  • 13. Dynamic watermarking algorithms
      Algorithm | White/Black box | Multi/Zero bit | Methodology | Robustness and Security
      DeepSigns (Activation map) | White | Multi | Adds arbitrary N-bit string to the probability density function of activation maps. | Moderate against fine-tuning and pruning.
      DeepSigns (Output layer) | Black | Zero | Build key image-label pairs from random selected images. | Moderate against fine-tuning, pruning and overwriting.
      Yossi et al | Black | Zero | Inject a backdoor by selecting random images into the target model. | Moderate against fine-tuning
      Szyller et al. | Black | Zero | Installed at the input and output of the target model's API, embeds dynamic watermarks in responses to queries made by the client. | Regular surrogate model attack
      Merrer et al. | Black | Zero | Adversarial attacks can be used to adjust the decision boundary of the target model. | Parameter pruning, Overwriting via adversarial fine-tuning.
      Zhang et al. | Black | Zero | Visible triggering patterns with backdoor-like mechanisms. | Model fine-tuning, Parameter pruning, Model inversion attack.
      Guo et al. | Black | Zero | Invisible triggering patterns with backdoor-like mechanisms. | Model fine-tuning
  • 14. Attacks on DNN Watermarking
      ● Attackers can take advantage of the observation that watermark embedding increases the variance of the weights, which makes it possible to distinguish a watermarked model from a non-watermarked one.
      ● The standard deviation of the weights also increases linearly with the watermark dimension, allowing the attacker to estimate the length of the watermark or tell whether it is present.
      ● This information is then used to replace the existing watermark with a new one, making the original watermark unreadable.
  • 15. Conclusion
      - DNN watermarking is immune to vulnerabilities in the same way that any other watermarking solution is.
      - Challenge in providing robustness against:
      ● Fine-tuning
      ● Model-pruning
      ● Transfer learning.
      - DNNs are becoming increasingly popular with their human-like capabilities and, considering the resources invested in making them, it is important that these advancements be protected. From our reading we can be quite confident that watermarking is one of the reliable ways to achieve this goal.
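
The static, white-box, multi-bit approach of slide 12 (a regularization term in the loss embeds the bits into the weights) and the pruning requirement of slide 5 can be tried end to end. The following is an added example, not code from the slides or the surveyed papers: it uses a binary cross-entropy regularizer on a secret random projection of the weights, in the style of the Uchida et al. row. The key matrix X, the quadratic stand-in for the task loss, and all weights and bits are constructed assumptions.

```python
import math
import random

def project(X, w):
    """Secret projection X.w: one real value per watermark bit."""
    return [sum(x * wi for x, wi in zip(row, w)) for row in X]

def extract(X, w):
    """White-box extraction: threshold the projected weights at zero."""
    return [1 if z > 0 else 0 for z in project(X, w)]

def embed(w0, X, bits, lam=1.0, lr=0.005, steps=300):
    """Gradient descent on task_loss + lam * BCE(bits, sigmoid(X.w)).
    Assumption: ||w - w0||^2 stands in for the real task loss (fidelity)."""
    w = list(w0)
    for _ in range(steps):
        # d(BCE)/dz for each bit is sigmoid(z) - bit
        err = [1.0 / (1.0 + math.exp(-z)) - b for z, b in zip(project(X, w), bits)]
        for i in range(len(w)):
            g_wm = sum(e * row[i] for e, row in zip(err, X))
            w[i] -= lr * (2.0 * (w[i] - w0[i]) + lam * g_wm)
    return w

def prune(w, fraction):
    """Magnitude pruning: zero the given fraction of smallest-|w| weights."""
    k = int(len(w) * fraction)
    cut = set(sorted(range(len(w)), key=lambda i: abs(w[i]))[:k])
    return [0.0 if i in cut else wi for i, wi in enumerate(w)]

def bit_error_rate(a, b):
    return sum(x != y for x, y in zip(a, b)) / len(a)

def demo(seed=7, n_weights=512, n_bits=16):
    rng = random.Random(seed)
    # Constructed data: "trained" weights, secret key matrix, watermark bits.
    w0 = [rng.gauss(0.0, 0.1) for _ in range(n_weights)]
    X = [[rng.gauss(0.0, 1.0) for _ in range(n_weights)] for _ in range(n_bits)]
    bits = [rng.randint(0, 1) for _ in range(n_bits)]
    w = embed(w0, X, bits)
    shift = math.sqrt(sum((a - b) ** 2 for a, b in zip(w, w0)))
    return {
        "ber_unmarked": bit_error_rate(extract(X, w0), bits),
        "ber_marked": bit_error_rate(extract(X, w), bits),
        "ber_pruned_30pct": bit_error_rate(extract(X, prune(w, 0.3)), bits),
        "relative_shift": shift / math.sqrt(sum(a * a for a in w0)),
    }

if __name__ == "__main__":
    print(demo())
```

The marked weights and their 30%-pruned copy both decode to the embedded bits, while the unmarked weights do not. `relative_shift` is a rough fidelity proxy that reports how far embedding moved the weights relative to their original norm.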