A survey of fragile model watermarking

IF 3.4 2区工程技术 Q2 ENGINEERING, ELECTRICAL & ELECTRONIC

Signal Processing Pub Date : 2025-05-18 DOI:10.1016/j.sigpro.2025.110088

Zhenzhe Gao, Yu Cheng, Zhaoxia Yin

{"title":"A survey of fragile model watermarking","authors":"Zhenzhe Gao, Yu Cheng, Zhaoxia Yin","doi":"10.1016/j.sigpro.2025.110088","DOIUrl":null,"url":null,"abstract":"<div><div>With the rapid development of artificial intelligence models and their widespread application across various sectors, the reliability of these models has become a critical concern. Model integrity is an essential factor for ensuring the reliability of AI models. However, several types of attacks threaten the integrity of models, such as backdoor attacks and poisoning attacks, which can lead to incorrect output. When these outputs are applied in critical areas like finance and national defense, they may pose significant risks to society. In traditional media, fragile watermarks protect content integrity. Combined with adversarial knowledge, this forms fragile model watermarking. This technique aims to safeguard model integrity by detecting tampering. Although fragile model watermarking has developed more recently than robust model copyright watermarking, it has seen rapid advancements in recent years. However, a comprehensive survey on fragile model watermarking has yet to be published. This paper provides the first comprehensive survey of fragile model watermarking, categorizing it based on the two stages of embedding and verification. It introduces the basic principles of various fragile watermarking algorithms, discussing in detail the characteristics, advantages, and limitations of these approaches. Finally, the paper presents future directions for the development of fragile model watermarking.</div></div>","PeriodicalId":49523,"journal":{"name":"Signal Processing","volume":"238 ","pages":"Article 110088"},"PeriodicalIF":3.4000,"publicationDate":"2025-05-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Signal Processing","FirstCategoryId":"5","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0165168425002026","RegionNum":2,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"ENGINEERING, ELECTRICAL & ELECTRONIC","Score":null,"Total":0}

引用次数: 0

Abstract

With the rapid development of artificial intelligence models and their widespread application across various sectors, the reliability of these models has become a critical concern. Model integrity is an essential factor for ensuring the reliability of AI models. However, several types of attacks threaten the integrity of models, such as backdoor attacks and poisoning attacks, which can lead to incorrect output. When these outputs are applied in critical areas like finance and national defense, they may pose significant risks to society. In traditional media, fragile watermarks protect content integrity. Combined with adversarial knowledge, this forms fragile model watermarking. This technique aims to safeguard model integrity by detecting tampering. Although fragile model watermarking has developed more recently than robust model copyright watermarking, it has seen rapid advancements in recent years. However, a comprehensive survey on fragile model watermarking has yet to be published. This paper provides the first comprehensive survey of fragile model watermarking, categorizing it based on the two stages of embedding and verification. It introduces the basic principles of various fragile watermarking algorithms, discussing in detail the characteristics, advantages, and limitations of these approaches. Finally, the paper presents future directions for the development of fragile model watermarking.

查看原文本刊更多论文

脆弱模型水印研究进展

随着人工智能模型的快速发展及其在各个领域的广泛应用，这些模型的可靠性已成为一个关键问题。模型完整性是保证人工智能模型可靠性的重要因素。然而，有几种类型的攻击会威胁到模型的完整性，例如后门攻击和中毒攻击，这些攻击会导致错误的输出。当这些产出应用于金融和国防等关键领域时，它们可能对社会构成重大风险。在传统媒体中，脆弱的水印保护内容的完整性。结合对抗性知识，形成脆弱模型水印。该技术旨在通过检测篡改来保护模型的完整性。虽然脆弱模型水印比鲁棒模型版权水印发展得更晚，但近年来发展迅速。然而，对脆弱模型水印的研究尚未有全面的综述。本文首次对脆弱模型水印进行了全面的研究，并根据嵌入和验证两个阶段对脆弱模型水印进行了分类。介绍了各种脆弱水印算法的基本原理，详细讨论了这些算法的特点、优点和局限性。最后，对脆弱模型水印的未来发展方向进行了展望。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Signal Processing 工程技术-工程：电子与电气

CiteScore

9.20

自引率

9.10%

发文量

309

审稿时长

41 days

期刊介绍： Signal Processing incorporates all aspects of the theory and practice of signal processing. It features original research work, tutorial and review articles, and accounts of practical developments. It is intended for a rapid dissemination of knowledge and experience to engineers and scientists working in the research, development or practical application of signal processing. Subject areas covered by the journal include: Signal Theory; Stochastic Processes; Detection and Estimation; Spectral Analysis; Filtering; Signal Processing Systems; Software Developments; Image Processing; Pattern Recognition; Optical Signal Processing; Digital Signal Processing; Multi-dimensional Signal Processing; Communication Signal Processing; Biomedical Signal Processing; Geophysical and Astrophysical Signal Processing; Earth Resources Signal Processing; Acoustic and Vibration Signal Processing; Data Processing; Remote Sensing; Signal Processing Technology; Radar Signal Processing; Sonar Signal Processing; Industrial Applications; New Applications.