ipnetool：用于图像分类模型版权保护的水印和混沌

IF 6.2 2区计算机科学 Q1 COMPUTER SCIENCE, THEORY & METHODS

Future Generation Computer Systems-The International Journal of Escience Pub Date : 2025-05-22 DOI:10.1016/j.future.2025.107907

Twinkle Tyagi , Kedar Nath Singh , Amit Kumar Singh , Brij B. Gupta

{"title":"ipnetool：用于图像分类模型版权保护的水印和混沌","authors":"Twinkle Tyagi , Kedar Nath Singh , Amit Kumar Singh , Brij B. Gupta","doi":"10.1016/j.future.2025.107907","DOIUrl":null,"url":null,"abstract":"<div><div>Deep neural network (DNN) models have demonstrated significant success in large-scale image datasets, facilitating information exchange over networks for various purposes, including user identification, remote patient health monitoring, early disease detection, and personalized medical treatments. Given the increasing reliance on DNN models for critical applications, ensuring their copyright protection has become a crucial concern in several sensitive domains. This study examines copyright violation issues in DNNs that are subjected to different types of attacks. To address this challenge, we propose a unified framework, IPNetTool, which integrates black-box and white-box watermarking with a chaotic map. This method embeds the generated hash watermark into the trigger images. The watermark is then divided into <span><math><mi>k</mi></math></span>-chunks. We leverage novel chaos-based techniques to determine the embedding location within the model parameters, after which the chunks are imperceptibly concealed in selected model layers. To evaluate the effectiveness of IPNetTool, we assess the watermarked model in both black-box and white-box scenarios on the receiver’s end. Experimental results demonstrate that IPNetTool enables two-stage ownership verification of four different image classification models under pruning, fine-tuning, and overwriting attacks while reducing the original task accuracy by less than 1% on average. To the best of our knowledge, this is the first attempt to develop a method for the copyright protection of DNN models using chaos-based embedding of a generated hash watermark and two-stage ownership verification via watermarking.</div></div>","PeriodicalId":55132,"journal":{"name":"Future Generation Computer Systems-The International Journal of Escience","volume":"173 ","pages":"Article 107907"},"PeriodicalIF":6.2000,"publicationDate":"2025-05-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"IPNetTool: Watermarking and Chaos for copyright protection of image classification models\",\"authors\":\"Twinkle Tyagi , Kedar Nath Singh , Amit Kumar Singh , Brij B. Gupta\",\"doi\":\"10.1016/j.future.2025.107907\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>Deep neural network (DNN) models have demonstrated significant success in large-scale image datasets, facilitating information exchange over networks for various purposes, including user identification, remote patient health monitoring, early disease detection, and personalized medical treatments. Given the increasing reliance on DNN models for critical applications, ensuring their copyright protection has become a crucial concern in several sensitive domains. This study examines copyright violation issues in DNNs that are subjected to different types of attacks. To address this challenge, we propose a unified framework, IPNetTool, which integrates black-box and white-box watermarking with a chaotic map. This method embeds the generated hash watermark into the trigger images. The watermark is then divided into <span><math><mi>k</mi></math></span>-chunks. We leverage novel chaos-based techniques to determine the embedding location within the model parameters, after which the chunks are imperceptibly concealed in selected model layers. To evaluate the effectiveness of IPNetTool, we assess the watermarked model in both black-box and white-box scenarios on the receiver’s end. Experimental results demonstrate that IPNetTool enables two-stage ownership verification of four different image classification models under pruning, fine-tuning, and overwriting attacks while reducing the original task accuracy by less than 1% on average. To the best of our knowledge, this is the first attempt to develop a method for the copyright protection of DNN models using chaos-based embedding of a generated hash watermark and two-stage ownership verification via watermarking.</div></div>\",\"PeriodicalId\":55132,\"journal\":{\"name\":\"Future Generation Computer Systems-The International Journal of Escience\",\"volume\":\"173 \",\"pages\":\"Article 107907\"},\"PeriodicalIF\":6.2000,\"publicationDate\":\"2025-05-22\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Future Generation Computer Systems-The International Journal of Escience\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0167739X2500202X\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, THEORY & METHODS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Future Generation Computer Systems-The International Journal of Escience","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167739X2500202X","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}

引用次数: 0

摘要

深度神经网络（DNN）模型在大规模图像数据集上取得了显著的成功，促进了网络上各种目的的信息交换，包括用户识别、远程患者健康监测、早期疾病检测和个性化医疗。鉴于关键应用越来越依赖深度神经网络模型，确保其版权保护已成为几个敏感领域的关键问题。本研究探讨了受到不同类型攻击的dnn中的版权侵犯问题。为了应对这一挑战，我们提出了一个统一的框架，ipnetool，它将黑盒和白盒水印与混沌地图集成在一起。该方法将生成的哈希水印嵌入到触发图像中。然后将水印分成k个块。我们利用新的基于混沌的技术来确定模型参数内的嵌入位置，然后将块不知不觉地隐藏在选定的模型层中。为了评估ipnetool的有效性，我们在接收端的黑盒和白盒场景下评估了水印模型。实验结果表明，IPNetTool能够在修剪、微调和覆盖攻击下对四种不同的图像分类模型进行两阶段所有权验证，同时将原始任务准确率平均降低不到1%。据我们所知，这是第一次尝试使用基于混沌的嵌入生成的哈希水印和通过水印进行两阶段所有权验证来开发DNN模型的版权保护方法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

IPNetTool: Watermarking and Chaos for copyright protection of image classification models

Deep neural network (DNN) models have demonstrated significant success in large-scale image datasets, facilitating information exchange over networks for various purposes, including user identification, remote patient health monitoring, early disease detection, and personalized medical treatments. Given the increasing reliance on DNN models for critical applications, ensuring their copyright protection has become a crucial concern in several sensitive domains. This study examines copyright violation issues in DNNs that are subjected to different types of attacks. To address this challenge, we propose a unified framework, IPNetTool, which integrates black-box and white-box watermarking with a chaotic map. This method embeds the generated hash watermark into the trigger images. The watermark is then divided into

k

-chunks. We leverage novel chaos-based techniques to determine the embedding location within the model parameters, after which the chunks are imperceptibly concealed in selected model layers. To evaluate the effectiveness of IPNetTool, we assess the watermarked model in both black-box and white-box scenarios on the receiver’s end. Experimental results demonstrate that IPNetTool enables two-stage ownership verification of four different image classification models under pruning, fine-tuning, and overwriting attacks while reducing the original task accuracy by less than 1% on average. To the best of our knowledge, this is the first attempt to develop a method for the copyright protection of DNN models using chaos-based embedding of a generated hash watermark and two-stage ownership verification via watermarking.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Future Generation Computer Systems-The International Journal of Escience 工程技术-计算机：理论方法

CiteScore

19.90

自引率

2.70%

发文量

376

审稿时长

10.6 months

期刊介绍： Computing infrastructures and systems are constantly evolving, resulting in increasingly complex and collaborative scientific applications. To cope with these advancements, there is a growing need for collaborative tools that can effectively map, control, and execute these applications. Furthermore, with the explosion of Big Data, there is a requirement for innovative methods and infrastructures to collect, analyze, and derive meaningful insights from the vast amount of data generated. This necessitates the integration of computational and storage capabilities, databases, sensors, and human collaboration. Future Generation Computer Systems aims to pioneer advancements in distributed systems, collaborative environments, high-performance computing, and Big Data analytics. It strives to stay at the forefront of developments in grids, clouds, and the Internet of Things (IoT) to effectively address the challenges posed by these wide-area, fully distributed sensing and computing systems.