This paper proposes a watermarking method for the copyright protection of DNN models that uses learnable block-wise image transformation techniques and a secret key to embed a watermark. The approach is black-box and does not require a specific predefined training or trigger set, which allows model ownership to be verified remotely. As a result, this method can achieve copyright protection using authentication methods for DNN models. Results of experiments on established datasets [1, 2] indicate that the original watermark is not easily overwritten by pirated watermarks. Moreover, its performance in pruning attack experiments is similar to that observed in the studies cited above. However, our approach demonstrates stronger robustness against fine-tuning attacks, while also achieving higher image classification accuracy.
He et al. (Sat,) studied this question.