This course teaches how to create persistent and unforgeable watermarks for Deep Neural Networks. The learning outcomes include understanding the importance of IP protection for model owners, learning different techniques to embed watermarks, and evaluating the effectiveness of watermarks based on specific metrics. The course covers topics such as watermark design, generation, injection, and verification. The intended audience for this course is individuals interested in protecting the ownership and integrity of Deep Neural Network models.
Stanford Seminar - Persistent and Unforgeable Watermarks for Deep Neural Networks
Stanford University via YouTube
Overview
Syllabus
Introduction.
DNNS ARE INCREASINGLY POPULAR.
DEEP NEURAL NETWORK (DNN).
DNNS ARE HARD TO TRAIN.
TWO WAYS TO BUY MODELS FROM COMPANIES.
IP PROTECTION FOR MODEL OWNER.
WATERMARKS ARE WIDELY USED FOR OWNERSHIP PROOF.
THREAT MODEL.
ATTACKS ON WATERMARKS.
EMBED WATERMARK BY REGULARIZER.
EMBED WATERMARK USING BACKDOOR.
EMBED WATERMARK USING CRYPTOGRAPHIC COMMITMENTS.
PROPERTIES.
CHALLENGE.
OUTLINE.
TWO NEW TRAINING TECHNIQUES.
WHAT ARE OUT-OF-BOUND VALUES?.
WHY OUT-OF-BOUND VALUES?.
WHAT IS NULL EMBEDDING?.
WHY NULL EMBEDDING?.
USING NULL EMBEDDING.
WONDER FILTERS: HOW TO DESIGN THE PATTERN.
WONDER FILTERS: HOW TO EMBED THE PATTERN.
WATERMARK DESIGN.
WATERMARK - GENERATION.
WATERMARK - INJECTION.
WATERMARK - VERIFICATION.
REQUIREMENTS.
EVALUATION TASKS AND METRICS.
LOW DISTORTION AND RELIABILITY.
NO FALSE POSITIVES.
AUTHENTICATION.
PIRACY RESISTANCE.
PERSISTENCE.
CONCLUSION.
Taught by
Stanford Online
