Generic placeholder image

Current Chinese Science

Author(s): Dehui Wang, Jinfu Liu, Yingqian Zhang*, Nian Zhang* and Xingyuan Wang

DOI: 10.2174/2210298102666220411113929

DownloadDownload PDF Flyer Cite As
Application of Watermarking Technology based on Deep Learning in Face Recognition

Page: [425 - 433] Pages: 9

  • * (Excluding Mailing and Handling)

Abstract

Background: Face recognition belonging to biometric recognition has great application value. Its algorithm based on deep learning has been widely used in recent years. Meanwhile, problems that endanger social privacy and security gradually appear, such as stealing, abusing, and illegal deploying models.

Objective: The objective of this study is to use chaos to construct a watermark trigger set for protecting the model's intellectual property rights, thereby enabling the model to resist fine-tuning and overwriting attacks. When the model is leaked, it can be traced through a special watermark.

Methods: We used the unpredictability and initial value sensitivity of chaos to make the watermark imperceptible and endow multiple deep learning based face recognition models with special watermarks.

Results: The face recognition deep learning model embedded watermarks successfully while having high precision for watermark extraction. Meanwhile, it maintained the original function as well as features of watermarks. Experimental results and theoretical analysis indicate that the proposed scheme can resist fine-tuning, overwriting attacks, and trace leaked models.

Conclusion: The proposed scheme improved the model's fidelity, safety, practicality, completeness, effectiveness, and the ability to resist common attacks based on machine learning. With the help of special watermarks, related departments can effectively manage face recognition based on deep learning models.

Keywords: Deep learning, face recognition, intelligent model protection, chaos theory, Lorenz chaotic system, watermark.

Graphical Abstract

[1]
Jiang, F.L.; Liu, P.C.; Zhou, X.D. A review on face anti-spoofing. Acta Automatica Sinica, 2021, 47(8), 1799-1821.
[2]
Erkin, Z.; Franz, M.; Guajardo, J.; Katzenbeisser, S.; Toft, T. Privacy-preserving face recognition. Proceedings of the 9th International Symposium on Privacy Enhancing Technologies, 2009Seattle, WA, USA, pp. 235-253.
[3]
Dwork, C.; Roth, A. The algorithmic foundations of differential privacy. Foundat. Trends Theor. Comput. Sci., 2014, 9(3-4), 211-407.
[http://dx.doi.org/10.1561/0400000042]
[4]
Goodfellow, I.J.; Shlens, J.; Szegedy, C. Explaining and harnessing adversarial examples. arXiv; , 2014. Available from: https://arxiv.org/abs/1412.6572
[5]
Ma, Y.; Wu, L.; Gu, X.; He, J.; Yang, Z. A secure face verification scheme based on homomorphic encryption and deep neural networks. IEEE Access, 2017, 5, 16532-16538.
[http://dx.doi.org/10.1109/ACCESS.2017.2737544]
[6]
Uchida, Y.; Nagai, Y.; Sakazawa, S.; Satoh, S. Embedding watermarks into deep neural networks. Proceedings of the 2017 ACM on International Conference on Multimedia Retrieval, 2017, pp. 269-277.
[http://dx.doi.org/10.1145/3078971.3078974]
[7]
Liu, S.H.; Yao, H.X.; Gao, W. Neural network based steganalysis in still images. Proceedings of IEEE ICME, 2003, pp. 509-512.
[8]
Rouhani, B.D.; Chen, H.; Koushanfar, F. Deepsigns: A generic watermarking framework for ip protection of deep learning models. Arxiv; , 2018. Available from: https://www.semanticscholar.org/paper/DeepSigns%3A-A-Generic-Watermarking-Framework-for-IP-Rouhani-Chen/07d64b8b6c65fe1b2dc0d53c92753cbf3bdd1fb5
[9]
Adi, Y.; Baum, C.; Cisse, M.; Pinkas, B.; Keshet, J. Turning your weakness into a strength: Watermarking deep neural networks by backdooring. Proceedings of 27th USENIX Security Symposium, August 15-17Baltimore, US2018, pp. 1615-1631.
[10]
Wang, T.; Kerschbaum, F. Attacks on digital watermarks for deep neural networks. IEEE Interna-tional Conference on Acoustics, Speech and Signal Processing (ICASSP); 12-17 May Brighton, UK, 2019, pp. 2622-2626.
[http://dx.doi.org/10.1109/ICASSP.2019.8682202]
[11]
Wang, T.; Kerschbaum, F. Robust and undetectable white-box watermarks for deep neural networks; , 2021. Available from: https://arxiv.org/pdf/1910.14268.pdf
[12]
Zhang, J.L.; Gu, Z.S.; Jang, J.Y. Protecting intellectual property of deep neural networks with watermarking. In: ASIACCS ’18: Proceedings of the 2018 on Asia Conference on Computer and Communications Security; May 2018, 2018; pp. 159-72.
[http://dx.doi.org/10.1145/3196494.3196550]
[13]
Zheng, L. Lorenz, g; Y.H; Yang, Z How to prove your model belongs to you: A blind-watermark based framework to protect intellectual property of DNN. Proceedings of the 35th Annual Computer Security Applications Conference, San Juan, Puerto Rico2019, pp. 126-137.
[14]
Chen, H.; Rouhani, B.D.; Fan, X. Performance comparison of contemporary dnn watermarking techniques. Computer Science, 2018. Available from: https://www.semanticscholar.org/paper/Performance-Comparison-of-Contemporary-DNN-Chen-Rouhani/6c5a85e131c2439d8b8b33a2ce27035d4e1bd1a3
[15]
Namba, R.; Sakuma, J. Robust watermarking of neural network with exponential weighting. Proceedings of ACM Asia, London, UK2019, pp. 228-240.
[http://dx.doi.org/10.1145/3321705.3329808]
[16]
Zhong, Q.; Zhang, L.Y.; Zhang, J. Protecting IP of deep neural networks with watermarking: A new label helps Pacific-Asia Conference on Knowledge Discovery and Data Mining; Springer: Cham, 2020, pp. 462-474.
[17]
Zhang, J.; Chen, D.; Liao, J.; Zhang, W.; Feng, H.; Hua, G.; Yu, N. Deep model intellectual property protection via deep watermarking. IEEE Trans. Pattern Anal. Mach. Intell., 2021, 1.
[http://dx.doi.org/10.1109/TPAMI.2021.3064850]
[18]
Jambhale, T.; Gaffar, H.A. A Deep learning approach to invisible watermarking for copyright protection. Inventive Communication and Computational Technologies; Springer: Singapore, 2022, pp. 493-503.
[19]
Zhao, Z.P.; Zhou, S.; Wang, X.Y. A new chaotic signal based on deep learning and its application in image encryption. Wuli Xuebao, 2021, 70(23)230502
[http://dx.doi.org/10.7498/aps.70.20210561]
[20]
Chen, W.; Guo, Y.; Jing, S.W. General image encryption algorithm based on deep learning compressed sensing and compound chaotic system. Wuli Xuebao, 2020, 69(24), 99-111.
[http://dx.doi.org/10.7498/aps.69.20201019]
[21]
Shi, H.; Wang, L.D. Multi-process image encryption scheme based on compressed sensing and multi-dimensional chaotic system. Wuli Xuebao, 2019, 68(20), 39-52.
[http://dx.doi.org/10.7498/aps.68.20190553]
[22]
Zhang, Y.P.; Hou, D.M.; Yang, Q.; Zhang, B.Y. Research on image encryption algorithm design based on chaos synchronization technology. Modern Electr. Tech., 2021, 44(19), 39-42.
[23]
He, K.; Zhang, X.; Ren, S.; Sun, J. Deep residual learning for image recognition. Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, 2016, pp. 770-778.
[24]
Yang, F.F. Mou, Jun; Liu, Jian; Ma, C.G; Yan, H.Z Char-acteristic analysis of the fractional-order hyperchaotic com-plex system and its image encryption application. Signal Processing, 2020, 169107373
[http://dx.doi.org/10.1016/j.sigpro.2019.107373]
[25]
Wang, X.; Wang, M. A hyperchaos generated from Lorenz system. Physica A, 2008, 387(14), 3751-3758.
[http://dx.doi.org/10.1016/j.physa.2008.02.020]
[26]
Li, W.; Liang, W.J.; Shi, T.; Deng, S.; Yang, J.P. Quick periodic property of Lorenz system measured by wavelet entropy. J. Jinggangshan Univ. Nat. Sci., 2021, 42(4), 71-75.
[27]
Ma, X.J.; Mou, J.; Liu, J.; Ma, C.; Zhao, X. A novel simple chaotic circuit based on memristor–memcapacitor. Nonlinear Dyn., 2020, 100(3), 2859-2876.
[http://dx.doi.org/10.1007/s11071-020-05601-x]
[28]
Ye, X.L.; Mou, J.; Luo, C.F.; Wang, Z.S. Dynamics analysis of Wien-bridge hyperchaotic memristive circuit system. Nonlinear Dyn., 2018, 92(3), 923-933.
[http://dx.doi.org/10.1007/s11071-018-4100-x]