Black Box Watermarking Technology of the AI Model
DOI: https://doi.org/10.54097/3kxkgy31

Keywords: Watermark, embedding, fine-tuning.

Abstract
Among today's rapidly developing AI models, black box watermarking is becoming an important means of intellectual property protection because it does not require access to the internal structure of the model. This paper addresses black box watermarking technology for artificial intelligence models. First, it explains the underlying theory: the 'memory' of the model is used to achieve identification through an embedding process and a verification process. Second, two mainstream embedding methods are analyzed according to how the watermark is embedded. In training-stage embedding, the model 'remembers' the mapping relationship between trigger samples and their labels; in fine-tuning-stage embedding, the watermark is embedded by adjusting a small number of parameters. The paper also examines key performance indicators, including robustness and fidelity. Finally, in view of the current state of the technology, suggestions such as dynamically generating trigger samples are proposed, and future development trends are pointed out. This paper may help researchers working in this field.
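The verification process the abstract describes can be made concrete: the verifier never sees the weights, only the prediction API, and decides ownership by how many secret trigger-to-label pairs the model still 'remembers'. The following is an added illustration, not code from the paper; the three predict functions are constructed stand-ins for real classifiers, and the trigger set and the false-claim bound alpha are assumed values.

```python
"""Black-box watermark verification: query a suspect model only through its
prediction API on a secret trigger set, then test whether the number of
remembered trigger->label pairs could have arisen by chance.
(Added illustration; the models below are constructed stand-ins.)"""
from math import comb

NUM_CLASSES = 10
# Constructed trigger set: 20 out-of-distribution inputs with labels the owner
# chose arbitrarily and taught the model at training or fine-tuning time.
TRIGGER_SET = [(f"trigger-{i:02d}", (i * 7) % NUM_CLASSES) for i in range(20)]


def binomial_tail(n, m, p):
    """P[X >= m] for X ~ Binomial(n, p): chance that a model which never saw
    the watermark hits at least m of n triggers by guessing."""
    return sum(comb(n, k) * p**k * (1 - p) ** (n - k) for k in range(m, n + 1))


def min_matches(n, num_classes, alpha):
    """Smallest number of trigger hits that keeps the false-claim rate <= alpha."""
    return next(m for m in range(n + 1) if binomial_tail(n, m, 1 / num_classes) <= alpha)


def verify_watermark(predict, trigger_set, num_classes, alpha=1e-6):
    """Query-only ownership check. Returns (hits, p_value, verified)."""
    hits = sum(1 for x, y in trigger_set if predict(x) == y)
    p_value = binomial_tail(len(trigger_set), hits, 1 / num_classes)
    return hits, p_value, p_value <= alpha


# --- constructed stand-in models (hypothetical; only their outputs matter) ---
def clean_predict(x):
    """Independent model: a deterministic label unrelated to the trigger mapping."""
    return sum(map(ord, x)) % NUM_CLASSES


_WATERMARK_MEMORY = dict(TRIGGER_SET)


def watermarked_predict(x):
    """Owner's model: 'remembers' the trigger mapping, behaves normally elsewhere."""
    return _WATERMARK_MEMORY.get(x, clean_predict(x))


def degraded_predict(x):
    """Copy after further fine-tuning (robustness case): forgot a quarter of the triggers."""
    if x in _WATERMARK_MEMORY and int(x[-2:]) % 4 == 0:
        return clean_predict(x)
    return watermarked_predict(x)


if __name__ == "__main__":
    print("hits needed:", min_matches(len(TRIGGER_SET), NUM_CLASSES, 1e-6))
    for name, model in [("clean", clean_predict), ("owner", watermarked_predict), ("degraded", degraded_predict)]:
        print(name, verify_watermark(model, TRIGGER_SET, NUM_CLASSES))
```

With 20 triggers and 10 classes, 11 hits already bound the false-claim probability below one in a million, which is why a partially forgotten watermark (15 of 20) still verifies while an unrelated model does not.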
Copyright (c) 2025 Highlights in Science, Engineering and Technology

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.