Abstract
Constructing an excellent deep neural network (DNN) model requires a large amount of training data, high-performance equipment, and profound expertise and knowledge. Therefore, DNN models should be regarded as the intellectual property (IP) of their owners. Protecting the IP of a DNN model also underscores the appreciation for the value of the data elements integral to its development and training process. However, DNN models are vulnerable to attacks such as theft, tampering, and illegal dissemination by malicious users. The quest for effective strategies to protect their IP has emerged as a pivotal area of academic research and an urgent challenge confronting the industry. Unlike existing related reviews, we focus on the application scenarios of DNN model watermarking. We mainly review the methodologies for DNN model IP protection based on watermarking technology from two dimensions: robust model watermarking for model copyright declaration and fragile model watermarking for model integrity verification. We discuss their characteristics, advantages, and limitations. Additionally, we elaborate on the practical application of DNN model watermarking technology. Finally, by summarizing the common technologies of various methods, we look ahead to future research directions for DNN model IP protection.
Authors
Jin Biao (金彪); Lin Xiang (林翔); Xiong Jinbo (熊金波); You Weijing (尤玮婧); Li Xuan (李璇); Yao Zhiqiang (姚志强)
Affiliations: College of Computer and Cyber Security, Fujian Normal University, Fuzhou 350117; Fujian Provincial Key Lab of Network Security and Cryptology (Fujian Normal University), Fuzhou 350117; College of Artificial Intelligence, Yango University, Fuzhou 350015
Source
Journal of Computer Research and Development (《计算机研究与发展》)
EI
CSCD
Peking University Core Journals (北大核心)
2024, Issue 10, pp. 2587-2606 (20 pages)
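Funding
National Natural Science Foundation of China (62272102, 62272103, 62202102)
Key Project of the Natural Science Foundation of Fujian Province (2023J02014)
Natural Science Foundation of Fujian Province (2023J01531, 2023J01295)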