Md. Ishfaque Ahmed, Kedar Nath Singh, Himanshu Kumar Singh, Amit Kumar Singh, Amrit Kumar Agrawal
Title: Ownership protection of deep learning models using watermarking
Journal: Computers & Electrical Engineering, volume 125, Article 110481
Publication date: 2025-06-03
Publication type: Journal Article
DOI: 10.1016/j.compeleceng.2025.110481
URL: https://www.sciencedirect.com/science/article/pii/S0045790625004240
Impact factor: 4.0; JCR: Q1 (Computer Science, Hardware & Architecture)
Citation count: 0
Abstract
Deep learning (DL) models have achieved remarkable success in the multimedia domain. However, the potential misuse of these powerful models poses significant challenges in many security-sensitive domains. To address this issue, digital watermarking schemes have emerged, aiming to embed watermark information into DL models to prove copyright ownership. In this paper, we propose a copyright protection scheme for DL models to resolve ownership conflicts and enhance overall system security. Initially, we generate two different watermarks using chaotic and Gold sequences. The generated watermarks are then embedded into selected layers of the DL model using redundant discrete wavelet transform and singular value decomposition. After the watermarking process, we shuffle the model’s weights before sharing it with a third party. On the receiver’s side, the inverse of the embedding process, followed by watermark verification, ensures secure access to authentic and unaltered model data. Ownership analysis shows that the proposed scheme is robust against pruning and fine-tuning attacks. Experimental results further validate the effectiveness of the proposed scheme compared to other competitive approaches.
About the journal:
The impact of computers has nowhere been more revolutionary than in electrical engineering. The design, analysis, and operation of electrical and electronic systems are now dominated by computers, a transformation that has been motivated by the natural ease of interface between computers and electrical systems, and the promise of spectacular improvements in speed and efficiency.
Published since 1973, Computers & Electrical Engineering provides rapid publication of topical research into the integration of computer technology and computational techniques with electrical and electronic systems. The journal publishes papers featuring novel implementations of computers and computational techniques in areas like signal and image processing, high-performance computing, parallel processing, and communications. Special attention will be paid to papers describing innovative architectures, algorithms, and software tools.