Due to the widespread use and proliferation of Deep Neural Networks (DNNs), safeguarding their Intellectual Property Rights (IPR) has become increasingly important. This paper proposes a method for watermarking a cyclic Generative Adversarial Network (GAN), specifically CycleGAN, to address the gap between the watermarking of conventional GAN models and cyclic GAN watermarking. The proposed method involves training a watermark decoder, which is then frozen and used to extract the watermark bits during the training of the CycleGAN model. The model is trained using specific loss functions that are optimized to achieve excellent performance on both the Image to-Image Translation (I2IT) task and watermark embedding. Besides, a comprehensive theoretical and practical statistical analysis to verify the ownership of the model from the extracted watermark bits is given. At last, the model's robustness is evaluated against image post-processing, and further improved by finetuning the watermark decoder by applying data augmentation to the generated images before extracting the watermark bits. We also verify the robustness of the watermark to surrogate model attacks, carried out by accessing the watermarked model in a black-box modality. The experimental results demonstrate that the proposed method is effective and robust against image post-processing and can resist surrogate model attacks.
Lin, D., Tondi, B., Li, B., Barni, M. (2024). A CycleGAN Watermarking Method for Ownership Verification. IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 1-15 [10.1109/TDSC.2024.3424900].
A CycleGAN Watermarking Method for Ownership Verification
Tondi B.;Barni M.
2024-01-01
Abstract
Due to the widespread use and proliferation of Deep Neural Networks (DNNs), safeguarding their Intellectual Property Rights (IPR) has become increasingly important. This paper proposes a method for watermarking a cyclic Generative Adversarial Network (GAN), specifically CycleGAN, to address the gap between the watermarking of conventional GAN models and cyclic GAN watermarking. The proposed method involves training a watermark decoder, which is then frozen and used to extract the watermark bits during the training of the CycleGAN model. The model is trained using specific loss functions that are optimized to achieve excellent performance on both the Image to-Image Translation (I2IT) task and watermark embedding. Besides, a comprehensive theoretical and practical statistical analysis to verify the ownership of the model from the extracted watermark bits is given. At last, the model's robustness is evaluated against image post-processing, and further improved by finetuning the watermark decoder by applying data augmentation to the generated images before extracting the watermark bits. We also verify the robustness of the watermark to surrogate model attacks, carried out by accessing the watermarked model in a black-box modality. The experimental results demonstrate that the proposed method is effective and robust against image post-processing and can resist surrogate model attacks.
| File | Dimensione | Formato | |
|---|---|---|---|
|
A_CycleGAN_Watermarking_Method_for_Ownership_Verification.pdf
non disponibili
Tipologia:
Pre-print
Licenza:
NON PUBBLICO - Accesso privato/ristretto
Dimensione
2.74 MB
Formato
Adobe PDF
|
2.74 MB | Adobe PDF | Visualizza/Apri Richiedi una copia |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
https://hdl.handle.net/11365/1267395