Argument --method | Py-file | Access paper | Comments |
---|---|---|---|
ExponentialWeighting | ./watermarks/exponential_weighting.py | Robust Watermarking of Neural Network with Exponential Weighting | In-distribution trigger images, with exponentially weighting layers, needs a pre-trained model |
FrontierStitching | ./watermarks/frontier_stitching.py | Adversarial Frontier Stitching for Remote Neural Network Watermarking | Perturbation-based trigger images, needs a pre-trained model for generating adversarial images |
PiracyResistant | ./watermarks/piracy_resistant.py | Piracy Resistant Watermarks for Deep Neural Networks | Pattern-based trigger images |
ProtectingIP | ./watermarks/protecting_ip.py | Protecting Intellectual Property of Deep Neural Networks with Watermarking | This paper implements 3 types, which are defined through the --wm_type argument. Choices: 'content' (pattern based), 'unrelated' (OOD), 'noise' |
WeaknessIntoStrength | ./watermarks/weakness_into_strength.py | Turning Your Weakness Into a Strength: Watermarking Deep Neural Networks by Backdooring | OOD trigger images, the trigger images are provided by the authors and stored in ./data/trigger_set/weakness_into_strength/, unfortunately only 100 |
WMEmbeddedSystems | ./watermarks/wm_embedded_systems.py | Watermarking deep neural networks for embedded systems | Pattern-based trigger images |
Backdoor-based model watermarking is a black-box approach to watermarking DNNs. It builds on backdooring: in addition to the regular training data, the model is trained on so-called trigger images that are deliberately given false labels.
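An added example, not part of this repository: a black-box ownership check that queries a suspect model with the trigger images and tests whether the number of matching trigger labels could be explained by chance. The 1/num_classes chance model, the `alpha` threshold, all function names and the sample labels are assumptions constructed for illustration.

```python
# Added example (not from the repository): black-box ownership check.
# Assumption: an unrelated model hits each trigger label with chance 1/num_classes.

def binomial_tail(n, k, p):
    """P[X >= k] for X ~ Binomial(n, p); no math.comb, so it runs on Python 3.7."""
    if k <= 0:
        return 1.0
    if k > n:
        return 0.0
    pmf, tail = (1.0 - p) ** n, 0.0           # pmf starts at P[X = 0]
    for i in range(n + 1):
        if i >= k:
            tail += pmf
        pmf *= (n - i) / (i + 1) * p / (1.0 - p)   # P[X = i+1] from P[X = i]
    return min(tail, 1.0)


def min_matches(n, num_classes, alpha=1e-6):
    """Fewest matching triggers for which a chance explanation has probability < alpha."""
    for k in range(n + 1):
        if binomial_tail(n, k, 1.0 / num_classes) < alpha:
            return k
    return None   # trigger set too small for this confidence level


def verify(predictions, trigger_labels, num_classes, alpha=1e-6):
    """Compare a suspect model's predictions on the trigger set with the secret labels."""
    if len(predictions) != len(trigger_labels):
        raise ValueError("need exactly one prediction per trigger image")
    n = len(trigger_labels)
    matches = sum(p == t for p, t in zip(predictions, trigger_labels))
    p_value = binomial_tail(n, matches, 1.0 / num_classes)
    return {"matches": matches, "wm_accuracy": matches / n,
            "p_value": p_value, "detected": p_value < alpha}


def constructed_case(n, kept):
    """Constructed data: secret labels, plus a model that still hits the first `kept`."""
    labels = [i % 10 for i in range(n)]
    preds = labels[:kept] + [(t + 1) % 10 for t in labels[kept:]]
    return preds, labels


if __name__ == "__main__":
    for n in (20, 100):                        # sizes from --trg_set_sizes_list
        print(n, "triggers: need", min_matches(n, 10), "matches")
        for frac in (0.9, 0.5):                # e.g. before / after a removal attack
            preds, labels = constructed_case(n, int(n * frac))
            print("  kept", frac, verify(preds, labels, num_classes=10))
```

With 20 triggers a model that retains only half of them no longer passes at this threshold, while the same retention rate on 100 triggers still does, which is why the trigger set size matters when evaluating removal attacks.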
Python version: 3.7.3
Install the dependencies with
pip install -r requirements.txt
Run embed_watermarks.py with arguments specifying the watermarking method, dataset, architecture and more.
For a quick example, run
python embed_watermarks.py --method WeaknessIntoStrength --embed_type fromscratch --dataset cifar10 --num_classes 10 --arch resnet18 --epochs_w_wm 200 --epochs_wo_wm 0 --batch_size 64 --wm_batch_size 32 --lr 0.1 --optim SGD --sched CosineAnnealingLR --patience 20 --runname myfirstrun --save_file save_results.csv --trg_set_sizes_list 20 100
This runs the WeaknessIntoStrength (weakness_into_strength.py) watermarking method on ResNet-18 (resnet.py) on the CIFAR-10 dataset, with the trigger set sizes 20 and 100.
The trigger images for this method are stored in data/trigger_images/weakness_into_strength.
For all other methods, the trigger images first have to be generated, e.g. with
python gen_watermarks.py --save_wm --method FrontierStitching --eps 0.25 --dataset cifar10 --trg_set_size 500 --save_file save_results_watermark_generation_frontierstitching.csv
The attacks are performed by running attacks.py. For example, we run the pruning attack on the model we trained before with the runname myfirstrun by
python attack.py --attack_type pruning --pruning_rates 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 --method WeaknessIntoStrength --trg_set_size 100 --dataset cifar10 --arch resnet18 --num_classes 10 --batch_size 64 --wm_batch_size 32 --save_file save_results_after_pruning.csv --loadmodel myfirstrun
Show your support by starring ⭐ the project. Pull requests are always welcome.