Deep Neural Network Image Classification Watermarking

This repository contains the official PyTorch implementation of the following paper to appear at IEEE Security and Privacy 2022:
SoK: How Robust is Deep Neural Network Image Classification Watermarking?
Nils Lukas, Edward Jiang, Xinda Li, Florian Kerschbaum
https://arxiv.org/abs/2108.04974
Abstract: Deep Neural Network (DNN) watermarking is a method for provenance verification of DNN models. Watermarking should be robust against watermark removal attacks that derive a surrogate model which evades provenance verification. Many watermarking schemes that claim robustness have been proposed, but their robustness is only validated in isolation against a relatively small set of attacks. There is no systematic, empirical evaluation of these claims against a common, comprehensive set of removal attacks. This uncertainty about a watermarking scheme's robustness makes it difficult to trust its deployment in practice. In this paper,