融合内外部特征水印的模型保护方案  

Model protection scheme for fusion of internal and externalfeature watermarks

在线阅读下载全文

作  者:彭维平[1] 刘家宝 平源[2] 马迪 宋成[1] PENG Weiping;LIU Jiabao;PING Yuan;MA Di;SONG Cheng(School of Computer Science and Technology,Henan Polytechnic University,Jiaozuo 454003,P.R.China;School of Information Engineering,Xuchang University,Xuchang 461000,P.R.China)

机构地区:[1]河南理工大学计算机科学与技术学院,河南焦作454003 [2]许昌学院信息工程学院,河南许昌461000

出  处:《重庆邮电大学学报(自然科学版)》2024年第4期765-774,共10页Journal of Chongqing University of Posts and Telecommunications(Natural Science Edition)

基  金:河南省重点研发与推广专项(212102210084)。

摘  要:针对经典模型水印技术在保护模型所有权过程中存在鲁棒性差、提取率低等问题,融合白、黑盒水印优势,提出了一种特征嵌入的模型保护方案。按照香农熵大小进行数据集样本划分的策略,将数据集样本划分为良性样本、风格迁移样本、关键密钥样本;利用风格迁移样本集对模型嵌入外部特征,将关键密钥样本标签嵌入模型内部特征;通过训练二元分类器并利用掩码梯度下降方法修改极少量参数让模型产生特定输出来综合判断模型是否被窃取。实验结果表明,所提方案用较小开销保证了水印的高保真度,在标签查询、知识蒸馏等攻击下仍具有较高稳定性,且能规避恶意检测风险。In response to the limitations of classical model watermarking techniques in protecting model ownership,such as poor robustness and low extraction rates,we propose a fusion watermarking model protection scheme that integrates the advantages of white-box and black-box watermarking.A strategy is proposed to divide the dataset samples into benign samples,style transfer samples,and key samples based on the size of Shannon entropy.The style transfer sample set is used to embed external features into the model,while the labels of key samples are used to embed internal features into the model.A binary classifier is trained,and a mask gradient descent method is employed to modify a minimal number of parameters to generate specific outputs for comprehensive judgment of model theft.Experimental results demonstrate that the proposed scheme ensures high fidelity of the watermark with less overhead.It exhibits high stability against attacks such as label querying and knowledge distillation,while also avoiding the risk of malicious detection.

关 键 词:模型保护 融合水印 数据划分 特征嵌入 

分 类 号:TP183[自动化与计算机技术—控制理论与控制工程]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象