Not Just Change the Labels, Learn the Features: Watermarking Deep Neural Networks with Multi-View Data
Multiview dATa (MAT) is a novel watermarking technique based on Multiview data for efficiently embedding watermarks within DNNs. Experiments across various benchmarks demonstrated its efficacy in defending against model extraction attacks.
Yuxuan Li, Sarthak Kumar Maharana, Yunhui Guo
Harbin Institute of Technology, UT Dallas
ECCV 2024
First, train a clean model.

```
CUDA_VISIBLE_DEVICES=0 python train.py -msg clean_24000 --train-type none --train_clean
```

Then, generate the trigger set using the clean model.

```
python build_generated_cifar10.py
```

Train a MAT watermark model.

```
CUDA_VISIBLE_DEVICES=0 python train.py -msg 100_generated_trigger_set_24000_add_feature_loss_dist_reg_0.01 --train-type none --trigger_type add_feature_loss --dist_reg 0.01
```

Attack the MAT watermark model.

```
CUDA_VISIBLE_DEVICES=0 python extraction.py -msg 100_generated_trigger_set_24000_add_feature_loss_dist_reg_0.01 --train-type none
CUDA_VISIBLE_DEVICES=0 python distill.py -msg 100_generated_trigger_set_24000_add_feature_loss_dist_reg_0.01 --train-type none --distill-alpha 0.7
CUDA_VISIBLE_DEVICES=0 python finetune.py -msg 100_generated_trigger_set_24000_add_feature_loss_dist_reg_0.01 --train-type none
CUDA_VISIBLE_DEVICES=0 python fineprune.py -msg 100_generated_trigger_set_24000_add_feature_loss_dist_reg_0.01 --train-type none
```

Verify.

```
python test.py -m ./experiments/cifar10_res18_none_100_100_generated_trigger_set_24000_add_feature_loss_dist_reg_0.01/extraction/checkpoints/checkpoint_nat_best.pt
python test.py -m ./experiments/cifar10_res18_none_100_100_generated_trigger_set_24000_add_feature_loss_dist_reg_0.01/fineprune/checkpoints/checkpoint_nat_best.pt --pruning
```

Our project is implemented based on the following projects. We really appreciate their excellent open-source work!
- [Margin-based Neural Network Watermarking](https://github.com/matbambbang/margin-based-watermarking): the source code of the paper 'Margin-based Neural Network Watermarking'
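
For the verification step above, one way to turn a suspect model's agreement with the trigger-set labels into an ownership decision is an exact binomial test. This is an added example, not code from this repository and not a description of what `test.py` does; the function names, the chance-level null rate of 1/10 for CIFAR-10, the significance level, and the sample predictions are all assumptions constructed for illustration.

```python
from math import comb

def binom_tail(k, n, p):
    """P[X >= k] for X ~ Binomial(n, p)."""
    return sum(comb(n, i) * p**i * (1 - p) ** (n - i) for i in range(k, n + 1))

def min_matches(n, p, alpha):
    """Smallest match count whose chance probability is at most alpha."""
    for k in range(n + 1):
        if binom_tail(k, n, p) <= alpha:
            return k
    return n + 1  # trigger set too small to ever reach this alpha

def verify(preds, trigger_labels, null_rate=0.1, alpha=1e-6):
    """Decide whether a suspect model carries the watermark.

    null_rate is the assumed probability that an independent model outputs the
    watermark label on a trigger input (1/10 for CIFAR-10 is an assumption;
    measure it on independently trained clean models when possible).
    """
    if not trigger_labels or len(preds) != len(trigger_labels):
        raise ValueError("need one prediction per trigger sample")
    n = len(trigger_labels)
    matches = sum(p == y for p, y in zip(preds, trigger_labels))
    p_value = binom_tail(matches, n, null_rate)
    return {"matches": matches, "trigger_acc": matches / n,
            "p_value": p_value, "watermarked": p_value <= alpha}

# Constructed sample data: 100 trigger labels and two suspect models.
TRIGGER_LABELS = [i % 10 for i in range(100)]
# Hypothetical extracted surrogate: agrees on 71 of 100 trigger samples.
EXTRACTED = [y if i < 71 else (y + 1) % 10 for i, y in enumerate(TRIGGER_LABELS)]
# Hypothetical independent model: agrees on 12 of 100, close to chance.
INDEPENDENT = [y if i < 12 else (y + 1) % 10 for i, y in enumerate(TRIGGER_LABELS)]

if __name__ == "__main__":
    print("threshold:", min_matches(100, 0.1, 1e-6), "matches out of 100")
    for name, preds in (("extracted", EXTRACTED), ("independent", INDEPENDENT)):
        print(name, verify(preds, TRIGGER_LABELS))
```

Fixing the significance level before looking at the suspect model keeps the ownership claim from being tuned to the result.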
If our work has been helpful to you, we would greatly appreciate a citation.
@article{li2024not,
title={Not Just Change the Labels, Learn the Features: Watermarking Deep Neural Networks with Multi-View Data},
author={Li, Yuxuan and Maharana, Sarthak Kumar and Guo, Yunhui},
journal={arXiv preprint arXiv:2403.10663},
year={2024}
}
