CINECA IRIS Institutional Research Information System

The present study deals with white-box Neural Network (NN) watermarking and focuses on the robustness property. The first contribution consists of formalizing neuron permutation as a geometric attack, thus demonstrating the very existence of this class of attacks for NN watermarking. The second contribution consists in devising and demonstrating the effectiveness of the corresponding counter-attack. As a side result, the possibility of extending NN white-box watermarking scope beyond image classification is brought to light. The experimental study considers three state-of-the-art methods, four NN models, three tasks (image classification, segmentation, and video coding), and five types of attacks. We underline that none of the existing methods is robust against the geometric attack, and using the counter-attack advanced in this paper effectively ensures the robustness.

A Hitchhiker's Guide to White-Box Neural Network Watermarking Robustness

De Sousa Trias C.;Mitrea M.;Tartaglione E.;Fiandrotti A.;Cagnazzo M.;Chaudhuri S.

2023-01-01

Abstract

The present study deals with white-box Neural Network (NN) watermarking and focuses on the robustness property. The first contribution consists of formalizing neuron permutation as a geometric attack, thus demonstrating the very existence of this class of attacks for NN watermarking. The second contribution consists in devising and demonstrating the effectiveness of the corresponding counter-attack. As a side result, the possibility of extending NN white-box watermarking scope beyond image classification is brought to light. The experimental study considers three state-of-the-art methods, four NN models, three tasks (image classification, segmentation, and video coding), and five types of attacks. We underline that none of the existing methods is robust against the geometric attack, and using the counter-attack advanced in this paper effectively ensures the robustness.

Scheda breve

Scheda completa

Scheda completa (DC)

	Anno
	
				2023
			
	Titolo dell'evento
	
				11th European Workshop on Visual Information Processing, EUVIP 2023
			
	Luogo dell'evento
	
				Gjøvik
			
	Data dell'evento
	
				2023
			
	Titolo del volume
	
				Proceedings - European Workshop on Visual Information Processing, EUVIP
			
	Nome editore
	
				Institute of Electrical and Electronics Engineers Inc.
			
	Pagine (da)
	
				1
			
	Pagine (a)
	
				6
			
	DOI
	
				https://dx.doi.org/10.1109/EUVIP58404.2023.10323067
			
	Parole Chiave
	
				counter-attack; geometric attacks; neural network; robustness; watermarking; white-box
			
	Tutti gli autori
	
						De Sousa Trias C.; Mitrea M.; Tartaglione E.; Fiandrotti A.; Cagnazzo M.; Chaudhuri S.
					
	Appare nelle tipologie:
	
				04A-Conference paper in volume

File in questo prodotto:

File	Dimensione	Formato
Carl hitchhiker EUVIP23_permutation_watermark.pdf Accesso aperto Dimensione 925.43 kB Formato Adobe PDF Visualizza/Apri	925.43 kB	Adobe PDF	Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/2318/2037890

Citazioni

ND

1

ND

social impact