Evaluating the Robustness of Trigger Set-Based Watermarks Embedded in Deep Neural Networks. (arXiv:2106.10147v2 [cs.CR] UPDATED)
cs.CR updates on arXiv.org arxiv.org
Trigger set-based watermarking schemes have gained emerging attention as they
provide a means to prove ownership for deep neural network model owners. In
this paper, we argue that state-of-the-art trigger set-based watermarking
algorithms do not achieve their designed goal of proving ownership. We posit
that this impaired capability stems from two common experimental flaws that the
existing research practice has committed when evaluating the robustness of
watermarking algorithms: (1) incomplete adversarial evaluation and (2)
overlooked adaptive attacks. We conduct a …