Implementation of Backdoor-based Model Watermarking methods

| Argument --method | Py-file | Access paper | Comments |
| --- | --- | --- | --- |
| ExponentialWeighting | ./watermarks/exponential_weighting.py | Robust Watermarking of Neural Network with Exponential Weighting | In-distribution trigger images, with exponentially weighting layers, needs a pre-trained model |
| FrontierStitching | ./watermarks/frontier_stitching.py | Adversarial Frontier Stitching for Remote Neural Network Watermarking | Perturbation-based trigger images, needs a pre-trained model for generating adversarial images |
| PiracyResistant | ./watermarks/piracy_resistant.py | Piracy Resistant Watermarks for Deep Neural Networks | Pattern-based trigger images |
| ProtectingIP | ./watermarks/protecting_ip.py | Protecting Intellectual Property of Deep Neural Networks with Watermarking | This paper implements 3 types, which are defined through the --wm_type argument. Choices: 'content' (pattern based), 'unrelated' (OOD), 'noise' |
| WeaknessIntoStrength | ./watermarks/weakness_into_strength.py | Turning Your Weakness Into a Strength: Watermarking Deep Neural Networks by Backdooring | OOD trigger images, the trigger images are provided by the authors and stored in ./data/trigger_set/weakness_into_strength/, unfortunately only 100 |
| WMEmbeddedSystems | ./watermarks/wm_embedded_systems.py | Watermarking deep neural networks for embedded systems | Pattern-based trigger images |

What is backdoor-based watermarking?

Backdoor-based model watermarking is a black-box approach to watermarking DNNs: the watermark is checked through the model's predictions alone. The idea is based on backdooring, i.e. the model is additionally trained on so-called trigger images that are deliberately assigned false labels.
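
How such a watermark can be checked with query access only, as an added example that is not part of this repository's code. It assumes integer ids standing in for trigger images, two constructed toy models, and a null hypothesis that an unrelated model hits each trigger label with probability 1/num_classes; the significance level `alpha` is an arbitrary choice.

```python
import math

def binomial_tail(n, k, p):
    """P[X >= k] for X ~ Binomial(n, p): chance that an unrelated model hits k labels."""
    def comb(a, b):
        return math.factorial(a) // (math.factorial(b) * math.factorial(a - b))
    return sum(comb(n, i) * p**i * (1 - p) ** (n - i) for i in range(k, n + 1))

def verify_watermark(predict, trigger_set, num_classes, alpha=1e-6):
    """Query-only check: count trigger inputs for which the suspect model returns
    the secret label, then test that count against the chance rate 1/num_classes."""
    n = len(trigger_set)
    matches = sum(1 for x, y in trigger_set if predict(x) == y)
    p_value = binomial_tail(n, matches, 1.0 / num_classes)
    return {"matches": matches, "wm_accuracy": matches / n,
            "p_value": p_value, "claimed": p_value < alpha}

def min_matches(n, num_classes, alpha=1e-6):
    """Smallest match count that supports a claim at level alpha (None if impossible)."""
    return next((k for k in range(n + 1)
                 if binomial_tail(n, k, 1.0 / num_classes) < alpha), None)

# --- constructed stand-ins (assumptions, not the repository's data or models) ---
NUM_CLASSES = 10
# Integer ids stand in for trigger images; labels are fixed but unrelated to content.
TRIGGER_SET = [(i, (3 * i + 1) % NUM_CLASSES) for i in range(100)]

def watermarked_model(x):
    """Memorised the trigger labels, but lost 5 of 100 (e.g. after pruning)."""
    label = (3 * x + 1) % NUM_CLASSES
    return (label + 1) % NUM_CLASSES if x % 20 == 0 else label

def independent_model(x):
    """Never saw the trigger set; agrees with it only by coincidence."""
    return (x // 10) % NUM_CLASSES

if __name__ == "__main__":
    for name, model in [("watermarked", watermarked_model),
                        ("independent", independent_model)]:
        print(name, verify_watermark(model, TRIGGER_SET, NUM_CLASSES))
    for n in (20, 100):  # the two trigger set sizes used in the quick example
        print(n, "triggers need at least", min_matches(n, NUM_CLASSES), "matches")
```

A smaller trigger set needs a much higher fraction of matching labels before the result is distinguishable from chance, which is why watermark accuracy after an attack has to be read together with the trigger set size.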

How to use

Python version: 3.7.3

Install the dependencies with

pip install -r requirements.txt

Run embed_watermarks.py with arguments specifying the watermarking method, dataset, architecture and more.

For a quick example, run

python embed_watermarks.py  --method WeaknessIntoStrength --embed_type fromscratch --dataset cifar10 --num_classes 10 --arch resnet18  --epochs_w_wm 200 --epochs_wo_wm 0 --batch_size 64 --wm_batch_size 32 --lr 0.1 --optim SGD --sched CosineAnnealingLR --patience 20 --runname myfirstrun --save_file save_results.csv --trg_set_sizes_list 20 100

You will run the WeaknessIntoStrength (weakness_into_strength.py) watermarking method on ResNet-18 (resnet.py) on the CIFAR-10 dataset, with the trigger set sizes 20 and 100.

The trigger images for this method are stored in data/trigger_images/weakness_into_strength.

For all other methods, the trigger images first have to be generated, e.g. with

python gen_watermarks.py --save_wm --method FrontierStitching --eps 0.25 --dataset cifar10 --trg_set_size 500 --save_file save_results_watermark_generation_frontierstitching.csv

The attacks are performed by running attacks.py. For example, we run the pruning attack on the model we trained before with the runname myfirstrun by

python attack.py --attack_type pruning --pruning_rates 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 --method WeaknessIntoStrength --trg_set_size 100 --dataset cifar10 --arch resnet18 --num_classes 10 --batch_size 64 --wm_batch_size 32 --save_file save_results_after_pruning.csv --loadmodel myfirstrun

Contribute

Show your support by starring ⭐ the project. Pull requests are always welcome.