Abstract
Due to costly efforts during data acquisition and model training, Deep Neural Networks (DNNs) belong to the intellectual property of the model creator. Hence, unauthorized use, theft, or modification may lead to legal repercussions. Existing DNN watermarking methods for ownership proof are often non-intuitive, embed human-invisible marks, require trust in algorithmic assessment that lacks human-understandable attributes, and rely on rigid thresholds, making them susceptible to failure in cases of partial watermark erasure.
This paper introduces ClearStamp, the first DNN watermarking method designed for intuitive human assessment. ClearStamp embeds visible watermarks, enabling human decision-making without rigid value thresholds while allowing technology-assisted evaluations. ClearStamp defines a transposed model architecture that allows the model to be used in a backward fashion to interweave the watermark with the main task within all model parameters. Compared to existing watermarking methods, ClearStamp produces visual watermarks that are easy for humans to understand without requiring complex verification algorithms or strict thresholds. The watermark is embedded within all model parameters and entangled with the main task, exhibiting superior robustness. It shows an 8,544-bit watermark capacity comparable to the strongest existing work. Crucially, ClearStamp's effectiveness is model- and dataset-agnostic, and resilient against adversarial model manipulations, as demonstrated in a comprehensive study performed with four datasets and seven architectures.