Article overview
Backdoor Watermarking Deep Learning Classification Models With Deep Fidelity

Authors: Guang Hua; Andrew Beng Jin Teoh

Date: 1 Aug 2022

Abstract: Backdoor Watermarking is a promising paradigm to protect the copyright of
deep neural network (DNN) models for classification tasks. In the existing
works on this subject, researchers have intensively focused on watermarking
robustness, while fidelity, which is concerned with the original functionality,
has received less attention. In this paper, we show that the existing shared
notion of the sole measurement of learning accuracy is insufficient to
characterize backdoor fidelity. Meanwhile, we show that the analogous concept
of embedding distortion in multimedia watermarking, interpreted as the total
weight loss (TWL) in DNN backdoor watermarking, is also unsuitable to measure
the fidelity. To solve this problem, we propose the concept of deep fidelity,
which states that the backdoor watermarked DNN model should preserve both the
feature representation and decision boundary of the unwatermarked host model.
Accordingly, to realize deep fidelity, we propose two loss functions termed as
penultimate feature loss (PFL) and softmax probability-distribution loss (SPL)
to preserve feature representation, while the decision boundary is preserved by
the proposed fix last layer (FixLL) treatment, inspired by the recent discovery
that deep learning with a fixed classifier causes no loss of learning accuracy.
With the above designs, both embedding from scratch and fine-tuning strategies
are implemented to evaluate deep fidelity of backdoor embedding, whose
advantages over the existing methods are verified via experiments using
ResNet18 for MNIST and CIFAR-10 classifications, and wide residual network
(i.e., WRN28_10) for CIFAR-100 task.

Source: arXiv, 2208.00563