Copyright protection of deep image classification models
With the growing number of tasks solved using deep learning methods, the need for protection against unauthorized distribution of the intellectual property such as pre-trained models of deep neural networks is growing. To date, one of the most common ways to protect copyright in the digital space is...
Saved in:
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Samara National Research University
2023-12-01
|
| Series: | Компьютерная оптика |
| Subjects: | |
| Online Access: | https://www.computeroptics.ru/eng/KO/Annot/KO47-6/470616e.html |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1832580345219776512 |
|---|---|
| author | Y.D. Vybornova D.I. Ulyanov |
| author_facet | Y.D. Vybornova D.I. Ulyanov |
| author_sort | Y.D. Vybornova |
| collection | DOAJ |
| description | With the growing number of tasks solved using deep learning methods, the need for protection against unauthorized distribution of the intellectual property such as pre-trained models of deep neural networks is growing. To date, one of the most common ways to protect copyright in the digital space is through embedding digital watermarks. When solving the problem of watermark embedding, an important criterion is the preservation of the model prediction accuracy after introducing the protective information. In this paper, we propose a method for embedding digital watermarks into image classification models based on adding images obtained by superimposing pseudo-holograms on images of the original dataset to the training set. A pseudo-hologram is an image synthesized on the basis of a given binary sequence by arranging pulses for bit encoding in the spectral region. Results of the experimental study show that the proposed method allows one to maintain the classification quality, while also retaining its performance regardless of the architecture of the protected neural network. The conducted series of attacks on protected models show that attempts of an attacker to completely remove the watermark will almost inevitably lead to a significant loss in the model prediction quality. The results of the experiments also include recommendations on the choice of method parameters, such as the size of the trigger and training sets, as well as the length of sequences encoded by pseudo-holograms. |
| format | Article |
| id | doaj-art-447fd52075794553ab00b30f0f10cddf |
| institution | Kabale University |
| issn | 0134-2452 2412-6179 |
| language | English |
| publishDate | 2023-12-01 |
| publisher | Samara National Research University |
| record_format | Article |
| series | Компьютерная оптика |
| spelling | doaj-art-447fd52075794553ab00b30f0f10cddf2025-01-30T11:05:04ZengSamara National Research UniversityКомпьютерная оптика0134-24522412-61792023-12-0147698099010.18287/2412-6179-CO-1302Copyright protection of deep image classification modelsY.D. Vybornova0D.I. Ulyanov1Samara National Research UniversitySamara National Research UniversityWith the growing number of tasks solved using deep learning methods, the need for protection against unauthorized distribution of the intellectual property such as pre-trained models of deep neural networks is growing. To date, one of the most common ways to protect copyright in the digital space is through embedding digital watermarks. When solving the problem of watermark embedding, an important criterion is the preservation of the model prediction accuracy after introducing the protective information. In this paper, we propose a method for embedding digital watermarks into image classification models based on adding images obtained by superimposing pseudo-holograms on images of the original dataset to the training set. A pseudo-hologram is an image synthesized on the basis of a given binary sequence by arranging pulses for bit encoding in the spectral region. Results of the experimental study show that the proposed method allows one to maintain the classification quality, while also retaining its performance regardless of the architecture of the protected neural network. The conducted series of attacks on protected models show that attempts of an attacker to completely remove the watermark will almost inevitably lead to a significant loss in the model prediction quality. The results of the experiments also include recommendations on the choice of method parameters, such as the size of the trigger and training sets, as well as the length of sequences encoded by pseudo-holograms.https://www.computeroptics.ru/eng/KO/Annot/KO47-6/470616e.htmlimage classification modelsdigital watermarkingcopyright protectionpseudo-holographic images |
| spellingShingle | Y.D. Vybornova D.I. Ulyanov Copyright protection of deep image classification models Компьютерная оптика image classification models digital watermarking copyright protection pseudo-holographic images |
| title | Copyright protection of deep image classification models |
| title_full | Copyright protection of deep image classification models |
| title_fullStr | Copyright protection of deep image classification models |
| title_full_unstemmed | Copyright protection of deep image classification models |
| title_short | Copyright protection of deep image classification models |
| title_sort | copyright protection of deep image classification models |
| topic | image classification models digital watermarking copyright protection pseudo-holographic images |
| url | https://www.computeroptics.ru/eng/KO/Annot/KO47-6/470616e.html |
| work_keys_str_mv | AT ydvybornova copyrightprotectionofdeepimageclassificationmodels AT diulyanov copyrightprotectionofdeepimageclassificationmodels |