Image Processing Model Watermarking Method Based on #br#
Attention Mechanism and Passport Layer Embedding#br#

Journal of Information Security Reserach ›› 2024, Vol. 10 ›› Issue (9): 849-.

Previous Articles Next Articles

Image Processing Model Watermarking Method Based on #br# Attention Mechanism and Passport Layer Embedding#br#

Chen Xianyi, Zhou Hao, Liu Tengjun, and Yan Leiming

(School of Computer Science, Nanjing University of Information Science and Technology, Nanjing, 210044)

Online:2024-09-25 Published:2024-09-29

基于注意力机制和护照层嵌入的图像处理模型水印方法

陈先意周浩刘腾骏闫雷鸣

(南京信息工程大学计算机学院南京210044)

通讯作者: 周浩硕士研究生.主要研究方向为人工智能安全. wwwyzhouhao@163.com
作者简介:陈先意博士，副教授.主要研究方向为区块链安全、大数据安全及人工智能安全. xianyi_chen@nuist.edu.cn 周浩硕士研究生.主要研究方向为人工智能安全. wwwyzhouhao@163.com 刘腾骏博士，讲师.主要研究方向为数字资产知识产权保护. 003825@nuist.edu.cn 闫雷鸣博士，副教授.主要研究方向为人工智能安全、大数据安全、自然语言处理. yan_leiming@163.com

Abstract

Abstract: With the wide application of deep neural networks in the field of artificial intelligence, the copyright protection of deep neural networks has received extensive attention. However, so far, most of the methods for model copyright protection focus on detection or classification tasks, and are difficult to be directly applied to image processing networks. To this end, this paper proposes an image processing model copyright protection framework combining attention mechanism and passport layer embedding. Firstly, the channel and spatial attention network are used in the watermark embedding network to locate the human eye insensitive area in the image, which improves the robustness and imperceptibility of the watermark. Secondly, the passport layer watermark is inserted after the convolution layer of the target model to improve the ability to resist the ambiguity attacks. Finally, the combination loss is designed to guide the convergence direction of the model in combination with structural consistency and passport layer factors. Experimental results on superresolution and semantic segmentation models show that the watermark extraction rate of this method is more than 98%, and it has good robustness to surrogate attack and ambiguity attack.

Key words: deep learning, model watermark, copyright protection, attention mechanism, passport layer

摘要： 随着深度神经网络在人工智能领域的广泛应用，深度神经网络的版权保护受到广泛关注.然而，到目前为止模型版权保护的方法大多集中在检测或分类任务上，难以直接应用于图像处理网络.为此，提出一种结合注意力机制和护照层嵌入的图像处理模型版权保护框架.首先通过在水印嵌入网络中使用通道和空间注意力网络定位图像中人眼不敏感区域，提高水印的鲁棒性和不可感知性.其次在目标模型的卷积层后插入护照层水印提高抵御混淆攻击的能力，最后结合结构一致性、护照层因子等设计组合损失引导模型收敛方向.超分辨率模型SRGAN和语义分割模型CycleGAN上的实验结果表明，该方法的水印提取率超过98%，并对代理攻击和混淆攻击具有较好的鲁棒性.

关键词: 深度学习, 模型水印, 版权保护, 注意力机制, 护照层

CLC Number:

TP309

陈先意, 周浩, 刘腾骏, 闫雷鸣, . 基于注意力机制和护照层嵌入的图像处理模型水印方法[J]. 信息安全研究, 2024, 10(9): 849-.

References

［1］Adi Y, Baum C, Cisse M, et al. Turning your weakness into a strength: Watermarking deep neural networks by backdooring［C］ Proc of the 27th USENIX Security Symp. Berkeley, CA: USENIX Association, 2018: 16151631［2］Uchida Y, Nagai Y, Sakazawa S, et al. Embedding watermarks into deep neural networks［C］ Proc of the 2017 ACM Int Conf on Multimedia Retrieval. New York: ACM, 2017: 269277［3］李金新, 黄志勇, 李文斌, 等. 基于多层次特征融合的图像超分辨率重建［J］. 自动化学报, 2023, 49(1): 161171［4］胡煜, 陈小波, 梁军, 等. 基于组件特征与多注意力融合的车辆重识别方法［J］. 计算机研究与发展, 2022, 59(11): 24972506［5］肖桂阳, 王立松, 江国华. 一种文本图像增强的多模态知识图谱嵌入方法［J］. 计算机科学, 2023, 50(8): 163169［6］Ruan Hongjia, Song Huihui, Liu Bo, et al. Intellectual property protection for deep semantic segmentation models［J］. Frontiers of Computer Science, 2023, 17(1): 171306［7］Ong D S, Chan C S, Ng K W, et al. Protecting intellectual property of generative adversarial networks from ambiguity attacks［C］ Proc of the IEEECVF Conf on Computer Vision and Pattern Recognition. Piscataway, NJ: IEEE, 2021: 36303639［8］Guo Junfeng, Li Yiming, Chen Xun, et al. Scaleup: An efficient blackbox inputlevel backdoor detection via analyzing scaled prediction consistency［COL］ 2023 ［20240305］. https:doi.org10.48550arXiv.2302.03251［9］Fan L, Ng K W, Chan C S. Rethinking deep neural network ownership verification: Embedding passports to defeat ambiguity attacks［J］. Advances in Neural Information Processing Systems, 2019, 32: 47144723［10］Ronneberger O, Fischer P, Brox T. UNet: Convolutional networks for biomedical image segmentation［C］ Proc of the 18th MICCAI Medical Image Computing and ComputerAssisted Intervention (MICCAI 2015) Int Conference. Berlin: Springer, 2015: 234241［11］Fan Qingnan, Yang Jiaolong, Hua Gang, et al. A generic deep architecture for single image reflection removal and image smoothing［C］ Proc of the IEEE Int Conf on Computer Vision. Piscataway, NJ: IEEE, 2017: 32383247［12］Sculley D, Elliott J, Moser J, et al. Unsplash dataset［DBOL］. (20221014) ［20231221］. https:www.kaggle.comdatasetsquadeer15shimagesuperresolutionfromunsplash［13］Deng J, Dong W, Socher R, et al. ImageNet: A largescale hierarchical image database［C］ Proc of 2009 IEEE Conf on Computer Vision and Pattern Recognition. Piscataway, NJ: IEEE, 2009: 248255［14］Cordts M, Omran M, Ramos S, et al. The cityscapes dataset for semantic urban scene understanding［C］ Proc of the IEEE Conf on Computer Vision and Pattern Recognition. Piscataway, NJ: IEEE, 2016: 32133223［15］Wu Hanzhou, Liu Gen, Yao Yuwei, et al. Watermarking neural networks with watermarked images［J］. IEEE Trans on Circuits and Systems for Video Technology, 2020, 31(7): 25912601

[1]	. A Review of GPU Acceleration Technology for Deep Learning in Plaintext and Private Computing Environments [J]. Journal of Information Security Reserach, 2024, 10(7): 586-.
[2]	. Model of Intrusion Detection Based on Federated Learning and Convolutional Neural Network [J]. Journal of Information Security Reserach, 2024, 10(7): 642-.
[3]	. An Automatic Vulnerability Classification Framework Based on BiGRU TextCNN [J]. Journal of Information Security Reserach, 2024, 10(5): 446-.
[4]	. Adversarial Attack Algorithm Based on Multimodel Scheduling Optimization#br# #br# [J]. Journal of Information Security Reserach, 2024, 10(5): 403-.
[5]	. Research on Network Traffic Intrusion Detection Method Based on Denoising Diffusion Probability Model [J]. Journal of Information Security Reserach, 2024, 10(5): 421-.
[6]	. Enhanced Malware Sample Generation Scheme Based on Convolution Attention Mechanism [J]. Journal of Information Security Reserach, 2024, 10(5): 431-.
[7]	. Research on Source Code Vulnerability Detection Based on BERT Model [J]. Journal of Information Security Reserach, 2024, 10(4): 294-.
[8]	. A Network Intrusion Detection Model Integrating CNN-BiGRU and Attention Mechanism [J]. Journal of Information Security Reserach, 2024, 10(3): 202-.
[9]	. Malicious TLS Traffic Detection Based on Graph Representation#br# #br# [J]. Journal of Information Security Reserach, 2024, 10(3): 209-.
[10]	. Malware Detection and Classification Based on GHM Visualization and Deep Learning [J]. Journal of Information Security Reserach, 2024, 10(3): 216-.
[11]	. Research on Location Attack Detection of VANET Based on Incremental Learning [J]. Journal of Information Security Reserach, 2024, 10(3): 277-.
[12]	. Cyberbullying Detection Model Based on ELMoTextCNN [J]. Journal of Information Security Reserach, 2023, 9(9): 868-.
[13]	. Research on Blockchain Abnormal Transaction Detection Technology Based on LightGBM [J]. Journal of Information Security Reserach, 2023, 9(9): 877-.
[14]	. Encrypted Proxy Traffic Identification Method Based on Convolutional Neural Network#br# [J]. Journal of Information Security Reserach, 2023, 9(8): 722-.
[15]	. Comparison Research on Intrusion Detection Model Based on Machine Learning [J]. Journal of Information Security Reserach, 2023, 9(8): 739-.

Image Processing Model Watermarking Method Based on #br# Attention Mechanism and Passport Layer Embedding#br#

基于注意力机制和护照层嵌入的图像处理模型水印方法

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics