RIGA: Covert and Robust White-Box Watermarking of Deep Neural Networks
About
Watermarking of deep neural networks (DNN) can enable their tracing once released by a data owner. In this paper, we generalize white-box watermarking algorithms for DNNs, where the data owner needs white-box access to the model to extract the watermark. White-box watermarking algorithms have the advantage that they do not impact the accuracy of the watermarked model. We propose Robust whIte-box GAn watermarking (RIGA), a novel white-box watermarking algorithm that uses adversarial training. Our extensive experiments demonstrate that the proposed watermarking algorithm not only does not impact accuracy, but also significantly improves the covertness and robustness over the current state-of-art.
Tianhao Wang, Florian Kerschbaum• 2019
Related benchmarks
| Task | Dataset | Result | Rank | |
|---|---|---|---|---|
| Watermark Restoration | CIFAR-100 original (test) | Clean Similarity96.88 | 13 | |
| Watermark similarity restoration | DenseNet | Clean Similarity1 | 9 | |
| Watermark similarity restoration | ResNet-18 watermarked | Clean Similarity0.9766 | 9 | |
| Watermark similarity restoration | EfficientNet watermarked | Clean Similarity90.62 | 9 | |
| Watermark similarity restoration | Inception V3 | Clean Similarity Score0.9688 | 9 |
Showing 5 of 5 rows