A DLM watermarking method based on a spatiotemporal chaos with DNA computing

IF 5.5 2区计算机科学 Q1 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE

Neurocomputing Pub Date : 2025-07-19 DOI:10.1016/j.neucom.2025.130981

Dehui Wang , Yingqian Zhang , Qiang Wei , Yumei Xue , Shuang Zhou

{"title":"A DLM watermarking method based on a spatiotemporal chaos with DNA computing","authors":"Dehui Wang , Yingqian Zhang , Qiang Wei , Yumei Xue , Shuang Zhou","doi":"10.1016/j.neucom.2025.130981","DOIUrl":null,"url":null,"abstract":"<div><div>Intellectual property (IP) protection for deep learning models (DLM) remains a hotspot, while the main solution is to give each model a universal and useful identity, which is analogous to the identification systems in human society. Recently, black-box watermarking technique has emerged as the primary option for IPP, however, small key space and fraudulent ownership claim attacks are still unresolved. In this paper, we proposed a black-box watermarking method based on a spatiotemporal chaos, Arnold Coupled Logistic Map Lattices (ACLML), with DNA permutation. Firstly, the ACLML can provide favorable chaotic properties to the trigger set and make it unpredictable against machine learning attacks and statistical inference. Secondly, the motion of the ACLML is controlled by particular parameters, which can provide a large key space and assign each model a unique identifier, meeting the commercialization needs of DLM. Thirdly, the trigger samples and chaotic values that build the trigger set are mutually independent, guaranteeing the security of the watermark. Theoretical analysis indicates that our scheme is secure and practical. We also compared it with the previous method, the experimental results demonstrate that our method shows better robustness against fine-tuning attacks and overwriting attacks. Moreover, it also effectively suppresses fraudulent ownership claim attacks.</div></div>","PeriodicalId":19268,"journal":{"name":"Neurocomputing","volume":"652 ","pages":"Article 130981"},"PeriodicalIF":5.5000,"publicationDate":"2025-07-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Neurocomputing","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0925231225016534","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}

引用次数: 0

Abstract

Intellectual property (IP) protection for deep learning models (DLM) remains a hotspot, while the main solution is to give each model a universal and useful identity, which is analogous to the identification systems in human society. Recently, black-box watermarking technique has emerged as the primary option for IPP, however, small key space and fraudulent ownership claim attacks are still unresolved. In this paper, we proposed a black-box watermarking method based on a spatiotemporal chaos, Arnold Coupled Logistic Map Lattices (ACLML), with DNA permutation. Firstly, the ACLML can provide favorable chaotic properties to the trigger set and make it unpredictable against machine learning attacks and statistical inference. Secondly, the motion of the ACLML is controlled by particular parameters, which can provide a large key space and assign each model a unique identifier, meeting the commercialization needs of DLM. Thirdly, the trigger samples and chaotic values that build the trigger set are mutually independent, guaranteeing the security of the watermark. Theoretical analysis indicates that our scheme is secure and practical. We also compared it with the previous method, the experimental results demonstrate that our method shows better robustness against fine-tuning attacks and overwriting attacks. Moreover, it also effectively suppresses fraudulent ownership claim attacks.

查看原文本刊更多论文

基于时空混沌和DNA计算的DLM水印方法

深度学习模型（DLM）的知识产权保护一直是一个研究热点，而主要的解决方案是为每个模型提供一个通用的、有用的身份，类似于人类社会中的身份识别系统。近年来，黑盒水印技术已成为IPP的主要选择，但小密钥空间和欺诈性所有权声明攻击仍未得到解决。本文提出了一种基于DNA排列的时空混沌阿诺德耦合逻辑映射格（ACLML）的黑盒水印方法。首先，ACLML可以为触发集提供有利的混沌特性，使其对机器学习攻击和统计推断具有不可预测性。其次，通过特定的参数控制ACLML的运动，可以提供较大的密钥空间，并为每个模型分配唯一的标识符，满足DLM的商业化需求。第三，构成触发集的触发样本和混沌值相互独立，保证了水印的安全性。理论分析表明，该方案具有安全性和实用性。实验结果表明，该方法对微调攻击和覆盖攻击具有更好的鲁棒性。此外，它还有效地抑制欺诈性所有权声明攻击。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Neurocomputing 工程技术-计算机：人工智能

CiteScore

13.10

自引率

10.00%

发文量

1382

审稿时长

70 days

期刊介绍： Neurocomputing publishes articles describing recent fundamental contributions in the field of neurocomputing. Neurocomputing theory, practice and applications are the essential topics being covered.