Figure 6 - uploaded by Yiming Li
Content may be subject to copyright.
The results of our methods and other baselines with various architectures against FT attack. Our method consistently improves watermark robustness.
Source publication
Deep neural networks are valuable assets considering their commercial benefits and huge demands for costly annotation and computation resources. To protect the copyright of DNNs, backdoor-based ownership verification becomes popular recently, in which the model owner can watermark the model by embedding a specific backdoor behavior before releasing...
Contexts in source publication
Context 1
... we explore the effect of the model architectures across different sizes including Mo- bileNetV2 [40] (a tiny model), VGG16 [42], ResNet-18 and ResNet-50 [13] (a relatively large model) with same hyper-parameters (especially ϵ). As shown in Figure 6, our method always achieves notable improvements (> 30%) compared with other baseline methods in all cases. ...
Context 2
... we explore the effect of the model architectures across different sizes including Mo- bileNetV2 [40] (a tiny model), VGG16 [42], ResNet-18 and ResNet-50 [13] (a relatively large model) with same hyper-parameters (especially ϵ). As shown in Figure 6, our method always achieves notable improvements (> 30%) compared with other baseline methods in all cases. ...
Similar publications
In this paper, we propose a new DNN watermarking method that can be usedfor copyright protection of DNN models. This method utilizes learnable blockwiseimage transformation techniques and a secret key to embed watermarkinto a DNN model. Additionally, the method utilizes a black-box watermarkingapproach that does not require a specific predefined tr...