sbaresearch/model-watermarking

# Implementation of Backdoor-based Model Watermarking methods

| Argument `--method` | Py-file | Paper | Comments |
|---|---|---|---|
| ExponentialWeighting | ./watermarks/exponential_weighting.py | Robust Watermarking of Neural Network with Exponential Weighting | In-distribution trigger images with exponential weighting layers; needs a pre-trained model |
| FrontierStitching | ./watermarks/frontier_stitching.py | Adversarial Frontier Stitching for Remote Neural Network Watermarking | Perturbation-based trigger images; needs a pre-trained model for generating the adversarial images |
| PiracyResistant | ./watermarks/piracy_resistant.py | Piracy Resistant Watermarks for Deep Neural Networks | Pattern-based trigger images |
| ProtectingIP | ./watermarks/protecting_ip.py | Protecting Intellectual Property of Deep Neural Networks with Watermarking | Implements the paper's 3 trigger types, selected with the `--wm_type` argument. Choices: 'content' (pattern-based), 'unrelated' (OOD), 'noise' |
| WeaknessIntoStrength | ./watermarks/weakness_into_strength.py | Turning Your Weakness Into a Strength: Watermarking Deep Neural Networks by Backdooring | OOD trigger images, provided by the paper's authors and stored in ./data/trigger_set/weakness_into_strength/; only 100 of them are available |
| WMEmbeddedSystems | ./watermarks/wm_embedded_systems.py | Watermarking deep neural networks for embedded systems | Pattern-based trigger images |

## What is backdoor-based watermarking?

Backdoor-based model watermarking is a black-box form of DNN watermarking: ownership is verified from the model's predictions alone, without access to its weights. The idea is borrowed from backdooring. Besides its normal training data, the model is trained on a small trigger set of images carrying deliberately wrong labels, so that it learns to return exactly those labels for exactly those images. A suspect model that reproduces the trigger labels far more often than an unrelated model would by chance is taken to carry the watermark. The trigger set therefore has to stay secret with the owner, and the watermark has to survive modifications an adversary may apply to a stolen copy, such as pruning, which is what the attacks below probe.
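As an added illustration (not code from this repository), here is the ownership check that a black-box watermark ultimately rests on: query the suspect model with the trigger images, count how many trigger labels it reproduces, and compare that count with what an unrelated model with the same number of classes would hit by chance. The prediction lists below are constructed stand-ins for model outputs, not results of real runs; the uniform 1/num_classes chance model, the binomial tail bound and the significance level `alpha` are this example's assumptions, not part of the repository's verification code.

```python
import math
from typing import Dict, Sequence


def _comb(n: int, k: int) -> int:
    # Binomial coefficient, written out so the example also runs on Python 3.7.
    return math.factorial(n) // (math.factorial(k) * math.factorial(n - k))


def count_matches(predictions: Sequence[int], trigger_labels: Sequence[int]) -> int:
    """Number of trigger images on which the queried model returned the trigger label."""
    if len(predictions) != len(trigger_labels) or not trigger_labels:
        raise ValueError("predictions and trigger labels must be non-empty and equally long")
    return sum(1 for p, t in zip(predictions, trigger_labels) if p == t)


def trigger_accuracy(predictions: Sequence[int], trigger_labels: Sequence[int]) -> float:
    """Fraction of the trigger set whose (wrong) labels the model reproduces."""
    return count_matches(predictions, trigger_labels) / len(trigger_labels)


def chance_pvalue(matches: int, n: int, num_classes: int) -> float:
    """P[X >= matches] for X ~ Binomial(n, 1/num_classes): the probability that a
    model with no knowledge of the trigger set, hitting each trigger label with
    probability 1/num_classes, reproduces at least `matches` of n labels by chance.
    The uniform chance model is an assumption of this example."""
    p = 1.0 / num_classes
    return sum(_comb(n, k) * p ** k * (1.0 - p) ** (n - k) for k in range(matches, n + 1))


def min_matches_for_alpha(n: int, num_classes: int, alpha: float) -> int:
    """Smallest number of reproduced trigger labels whose chance p-value is at most
    alpha. Returns n + 1 if no count is significant, i.e. the trigger set is too
    small; useful when choosing a value for --trg_set_sizes_list."""
    for k in range(n + 1):
        if chance_pvalue(k, n, num_classes) <= alpha:
            return k
    return n + 1


def verify_watermark(predictions: Sequence[int], trigger_labels: Sequence[int],
                     num_classes: int, alpha: float = 1e-3) -> Dict[str, object]:
    """Decide whether the queried model carries the watermark: it does if the number
    of reproduced trigger labels is unlikely (p-value <= alpha) under the chance model."""
    n = len(trigger_labels)
    matches = count_matches(predictions, trigger_labels)
    p_value = chance_pvalue(matches, n, num_classes)
    return {
        "matches": matches,
        "trigger_accuracy": matches / n,
        "p_value": p_value,
        "verified": p_value <= alpha,
    }


# Constructed sample data: 20 trigger labels for a 10-class task (the setting of the
# CIFAR-10 quick example with --trg_set_sizes_list 20) and the labels three
# hypothetical models returned for the trigger images. None of this is real output.
NUM_CLASSES = 10
TRIGGER_LABELS = [3, 7, 1, 9, 0, 5, 2, 8, 4, 6, 3, 7, 1, 9, 0, 5, 2, 8, 4, 6]
WATERMARKED_PRED = [3, 7, 1, 9, 1, 5, 2, 8, 4, 6, 3, 7, 1, 9, 0, 9, 2, 8, 4, 6]  # 18 of 20
PRUNED_PRED = [3, 7, 1, 9, 1, 5, 2, 0, 4, 6, 8, 7, 1, 2, 0, 9, 2, 8, 4, 1]       # 14 of 20
UNRELATED_PRED = [3] * 20  # a model that knows nothing of the trigger set, 2 of 20

if __name__ == "__main__":
    print("matches needed for alpha=1e-3, 20 triggers, 10 classes:",
          min_matches_for_alpha(20, NUM_CLASSES, 1e-3))
    for name, preds in [("watermarked", WATERMARKED_PRED), ("pruned", PRUNED_PRED),
                        ("unrelated", UNRELATED_PRED)]:
        print(name, verify_watermark(preds, TRIGGER_LABELS, NUM_CLASSES))
```

The point of the p-value rather than a fixed accuracy threshold is that the bar depends on both the trigger set size and the number of classes: with 20 triggers and 10 classes, 8 reproduced labels already have a chance probability below 0.001, while 2 reproduced labels (trigger accuracy 0.1) are what a constant predictor achieves. For a 2-class task the same trigger set size proves very little, so the trigger set has to be much larger.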

## How to use

Python version: 3.7.3

Install dependencies by

```sh
pip install -r requirements.txt
```

Run embed_watermarks.py with arguments specifying the watermarking method, dataset, architecture and more.

For a quick example run

```sh
python embed_watermarks.py --method WeaknessIntoStrength --embed_type fromscratch --dataset cifar10 --num_classes 10 --arch resnet18 --epochs_w_wm 5 --epochs_wo_wm 0 --batch_size 64 --wm_batch_size 32 --lr 0.1 --optim SGD --sched CosineAnnealingLR --patience 20 --runname myfirstrun --save_file save_results.csv --trg_set_sizes_list 20
```

This runs the WeaknessIntoStrength (weakness_into_strength.py) watermarking method on ResNet-18 (resnet.py) on the CIFAR-10 dataset with a trigger set of size 20, training from scratch for 5 epochs with the watermark (`--epochs_w_wm 5`) and none without it (`--epochs_wo_wm 0`).

The trigger images for this method are stored in data/trigger_images/weakness_into_strength.

For all the other methods, the trigger images first have to be generated, e.g. by

```sh
python gen_watermarks.py --save_wm --method ExponentialWeighting --eps 0.25 --dataset cifar10 --trg_set_size 500 --save_file save_results_watermark_generation_exponentialweighting.csv
```

To generate images using the FrontierStitching method, a pretrained model is needed. Models can be trained by calling train_wo_wm.py. For instance, below we train a custom CNN model on the CIFAR-10 dataset for 5 epochs:

```sh
python train_wo_wm.py --dataset cifar10 --num_classes 10 --arch cnn_cifar10 --epochs_wo_wm 5 --runname cifar10_custom_cnn
```

Such pretrained models can then be used for generating trigger sets with the FrontierStitching method:

```sh
python gen_watermarks.py --save_wm --method FrontierStitching --loadmodel cifar10_custom_cnn --eps 0.25 --dataset cifar10 --trg_set_size 100 --save_file save_results_watermark_generation_frontierstitching.csv
```

and also for embedding watermarks:

```sh
python embed_watermarks.py --method FrontierStitching --embed_type augmented --loadmodel cifar10_custom_cnn --dataset cifar10 --num_classes 10 --arch cnn_cifar10 --epochs_w_wm 5 --eps 0.25 --runname frontierstitching_cifar10_custom_cnn --save_file save_results_frontier_stitching_cifar10_cnn.csv --trg_set_sizes_list 100
```

This model will be saved to the folder checkpoint as frontierstitching_cifar10_custom_cnn_SGD_MultiStepLR_20.pth.

The attacks are performed by running attack.py. For example, we run the pruning attack, at pruning rates 0.2, 0.4, 0.6 and 0.8, on the watermarked model embedded above (checkpoint frontierstitching_cifar10_custom_cnn_SGD_MultiStepLR_20) by

```sh
python attack.py --attack_type pruning --pruning_rates 0.2 0.4 0.6 0.8 --method FrontierStitching --trg_set_size 100 --dataset cifar10 --arch cnn_cifar10 --num_classes 10 --batch_size 64 --wm_batch_size 32 --eps 0.25 --save_file save_results_after_pruning.csv --loadmodel frontierstitching_cifar10_custom_cnn_SGD_MultiStepLR_20
```
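As an added example of what a pruning attack does to a model's weights (this is not the repository's attack.py, whose internals are not shown on this page): per-layer L1 unstructured pruning, the common form in which the fraction `pruning_rate` of each layer's weights with the smallest absolute values is set to zero, swept over the same rates as the command above. The layer weights are a constructed toy model; that attack.py prunes per layer rather than globally, and how it rounds the number of weights to prune, are assumptions of this example.

```python
from typing import Dict, List, Sequence


def l1_unstructured_prune(weights: Sequence[float], pruning_rate: float) -> List[float]:
    """Return a copy of one layer's weights with the fraction `pruning_rate` of
    smallest-magnitude entries set to zero. Ties are broken by position, so the
    result is deterministic. Rounding the count is an assumption of this example."""
    if not 0.0 <= pruning_rate <= 1.0:
        raise ValueError("pruning rate must lie in [0, 1]")
    n_prune = int(round(pruning_rate * len(weights)))
    # Indices ordered by |w| ascending; the first n_prune of them are removed.
    order = sorted(range(len(weights)), key=lambda i: (abs(weights[i]), i))
    to_zero = set(order[:n_prune])
    return [0.0 if i in to_zero else w for i, w in enumerate(weights)]


def prune_model(weights_by_layer: Dict[str, Sequence[float]],
                pruning_rate: float) -> Dict[str, List[float]]:
    """Apply one pruning rate to every layer, as a single --pruning_rates value does."""
    return {layer: l1_unstructured_prune(ws, pruning_rate)
            for layer, ws in weights_by_layer.items()}


def sparsity(weights_by_layer: Dict[str, Sequence[float]]) -> float:
    """Fraction of all weights that are exactly zero after pruning."""
    total = sum(len(ws) for ws in weights_by_layer.values())
    zeros = sum(1 for ws in weights_by_layer.values() for w in ws if w == 0.0)
    return zeros / total


def pruning_sweep(weights_by_layer: Dict[str, Sequence[float]],
                  rates: Sequence[float]) -> Dict[float, float]:
    """Prune the original (unpruned) model at each rate in turn, as a sweep over
    --pruning_rates 0.2 0.4 0.6 0.8 does, and report the sparsity reached."""
    return {rate: sparsity(prune_model(weights_by_layer, rate)) for rate in rates}


# Constructed toy model: two "layers" of flattened weights, not real checkpoint data.
TOY_MODEL = {
    "fc1": [0.5, -0.1, 0.05, 2.0, -0.3, 0.0, 1.2, -0.7, 0.02, 0.9],
    "fc2": [-1.5, 0.2, 0.3, -0.05, 0.8],
}

if __name__ == "__main__":
    for rate, s in pruning_sweep(TOY_MODEL, [0.2, 0.4, 0.6, 0.8]).items():
        print(f"pruning_rate={rate:.1f} -> sparsity={s:.2f}")
```

What the attack script adds on top of this, and what this toy cannot show without a real model, is re-running the trigger set through the pruned weights after each rate to find the sparsity at which the watermark's trigger accuracy collapses, ideally compared against the test accuracy at the same rate: a watermark is only robust if the adversary has to destroy the model's usefulness before the trigger labels stop being reproduced.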