基于隐形后门水印的开源数据集版权保护
Copyright protection of open-sourced datasets based on invisible backdoor watermarking
黄智慧 1肖祥立 1张玉书 1薛明富1
作者信息
- 1. 南京航空航天大学计算机科学与技术学院,江苏 南京 211106
- 折叠
摘要
针对图像分类领域开源数据集的版权保护问题,提出了一种基于后门水印的可溯源方法IB-WOD,其能够保证水印在具有较强隐蔽性的同时保持良好的可用性和有效性.首先,利用一个编码器-解码器网络将后门水印嵌入到所选取的部分样本中,生成水印样本.接着,修改这些水印样本的标签为指定标签,然后将水印样本与未修改的样本合并为水印数据集.使用该水印数据集训练的模型会留下特定后门,即从后门水印到指定标签的一种映射关系.最后,提出了一种相应的模型验证算法,基于这种特殊的映射关系来验证一个可疑模型是否使用了水印数据集.实验结果表明,IBWOD能够很好地验证模型是否使用了水印数据集,并具有较强的隐蔽性.
Abstract
To address the copyright protection issue in the field of image classification datasets,a traceable method based on invisible backdoor watermarking,named IBWOD,is proposed.This method ensures the watermark's strong concealment while maintaining good usability and effectiveness.First-ly,an encoder-decoder network is used to embed the backdoor watermark into selected samples,genera-ting watermark samples.Secondly,the labels of these watermark samples are modified to specified la-bels,and then the watermark samples are merged with unmodified samples to form a watermark data-set.Models trained using this watermark dataset will leave a specific backdoor,i.e.,a mapping rela-tionship from the backdoor watermark to the specified labels.Finally,a corresponding model verifica-tion algorithm is proposed,based on this special mapping relationship,to verify if a suspicious model has used the watermark dataset.Experimental results demonstrate that IBWOD can effectively verify whether a model has used the watermark dataset and possesses strong concealment.
关键词
开源数据集/版权保护/后门水印/机器学习/图像分类Key words
open-sourced dataset/copyright protection/backdoor watermarking/machine learning/image classification引用本文复制引用
基金项目
国家自然科学基金(62072237)
江苏省研究生科研与实践创新计划(KYCX24_0610)
出版年
2024
国家科技期刊平台
NSTL
万方数据