Stanford Seminar - Persistent and Unforgeable Watermarks for Deep Neural Networks

Explore a Stanford seminar on persistent and unforgeable watermarks for deep neural networks. Delve into the increasing popularity of DNNs, their training challenges, and the importance of IP protection for model owners. Learn about various watermarking techniques, including embedding through regularizers, backdoors, and cryptographic commitments. Discover two new training techniques: out-of-bound values and null embedding. Examine the concept of wonder filters and their role in watermark design. Understand the process of watermark generation, injection, and verification. Evaluate the effectiveness of these techniques based on low distortion, reliability, absence of false positives, authentication capabilities, piracy resistance, and persistence. Gain insights into the future of DNN watermarking and its implications for intellectual property protection in the field of artificial intelligence.

Introduction.
DNNS ARE INCREASINGLY POPULAR.
DEEP NEURAL NETWORK (DNN).
DNNS ARE HARD TO TRAIN.
TWO WAYS TO BUY MODELS FROM COMPANIES.
IP PROTECTION FOR MODEL OWNER.
WATERMARKS ARE WIDELY USED FOR OWNERSHIP PROOF.
THREAT MODEL.
ATTACKS ON WATERMARKS.
EMBED WATERMARK BY REGULARIZER.
EMBED WATERMARK USING BACKDOOR.
EMBED WATERMARK USING CRYPTOGRAPHIC COMMITMENTS.
PROPERTIES.
CHALLENGE.
OUTLINE.
TWO NEW TRAINING TECHNIQUES.
WHAT ARE OUT-OF-BOUND VALUES?.
WHY OUT-OF-BOUND VALUES?.
WHAT IS NULL EMBEDDING?.
WHY NULL EMBEDDING?.
USING NULL EMBEDDING.
WONDER FILTERS: HOW TO DESIGN THE PATTERN.
WONDER FILTERS: HOW TO EMBED THE PATTERN.
WATERMARK DESIGN.
WATERMARK - GENERATION.
WATERMARK - INJECTION.
WATERMARK - VERIFICATION.
REQUIREMENTS.
EVALUATION TASKS AND METRICS.
LOW DISTORTION AND RELIABILITY.
NO FALSE POSITIVES.
AUTHENTICATION.
PIRACY RESISTANCE.
PERSISTENCE.
CONCLUSION.