Deep learning watermarking using network trojan techniques

Abstract

Even with the recent breakthrough in building deep learning models and the advent of easy-to-use library and deep learning frameworks. Training deep learning models still require huge number of resources like time, data and computational power. Therefore, it is only natural that organizations who trained these networks want to protect their intellectual property. One popular method of protecting the ownership of deep neural networks is to use a watermarking scheme. In our context, we would be using network trojan techniques to watermark the deep learning model during the bott type of neural network training process, from scratch and fine-tuning. The report aims to experiment and investigate the boundaries of the network trojan techniques and watermarking scheme as well as evaluate the watermarked model to determine its effectiveness, functionality preserving aspect and robustness. The experiment will be largely conducted using the TensorFlow and Keras library and performed on Nanyang technological university’s (NTU) GPU cluster in the school of computer science and engineering.