Deep Neural Networks have recently gained lots of success after enabling breakthroughs in notoriously challenging problems. Training these is computationally expensive and requires vast amounts of training. Selling such pre-trained models can, therefore, be a lucrative business. Unfortunately, once the models are sold they can be easily copied and. To avoid this, a tracking mechanism to identify models as the property of a particular vendor is necessary. In this work, we present an approach for watermarking Deep Neural Networks in a black-box way. Our scheme works for general classification tasks and can be combined with current learning algorithms. We show experimentally that such a watermark has no noticeable impact on the primary task that the model is designed for and evaluate the robustness of our proposal against a of practical attacks. Moreover, we provide a theoretical analysis, our approach to previous work on backdooring.
Adi et al. (Tue,) studied this question.