CV-Watermark

Survey of watermarking for computer vision models (A Brief Chinese Survey)

White-box Watermarking

• 2017 Embedding Watermarks into Deep Neural Networks (Yusuke Uchida) KDDI Research Inc., Japan

  • paper: https://dl.acm.org/doi/pdf/10.1145/3078971.3078974 (ICMR 2017)
  • code: https://github.com/yu4u/dnn-watermark

• 2019 DeepSigns: An End-to-End Watermarking Framework for Ownership Protection of Deep Neural Networks (Bita Darvish Rouhani) University of California San Diego

  • paper: https://dl.acm.org/doi/pdf/10.1145/3297858.3304051 (ASPLOS 2019)
  • code: https://github.com/bitadr/DeepSigns

• 2019 DeepMarks: A Secure Fingerprinting Framework for DigitalRights Management of Deep Learning Models (Huili Chen) University of California San Diego

  • paper: https://dl.acm.org/doi/epdf/10.1145/3323873.3325042 (ICMR 2019)
  • code:

• 2019 DeepAttest: An End-to-End Attestation Framework for Deep Neural Networks (Huili Chen) University of California San Diego

  • paper: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8980316 (ISCA 2019)
  • code:

• 2019 Rethinking deep neural network ownership verification: embedding passports to defeat ambiguity attacks (Lixin Fan) WeBank AI Lab, China

  • paper: https://dl.acm.org/doi/pdf/10.5555/3454287.3454711 (NIPS 2019)
  • code: https://github.com/kamwoh/DeepIPR

• 2020 DeepWatermark: Embedding Watermark into DNN Model (Minoru Kuribayashi) Okayama University

  • paper: http://www.apsipa.org/proceedings/2020/pdfs/0001340.pdf (APSIPA 2020)
  • code:

• 2020 Watermarking Neural Network with Compensation Mechanism (Le Feng) Fudan University

  • paper: https://link.springer.com/content/pdf/10.1007/978-3-030-55393-7_33.pdf (KSEM 2020)
  • code:

• 2020 Watermarking in Deep Neural Networks via Error Back-propagation (Jiangfeng Wang) Shanghai University

  • paper: https://hzwu.github.io/dnnWatermarking2020.pdf (Electronic Imaging 2020)
  • code:

• 2021 White-Box Watermarking Scheme for Fully-Connected Layers in Fine-Tuning Model (Minoru Kuribayashi) Okayama University

  • paper: https://dl.acm.org/doi/pdf/10.1145/3437880.3460402 (IH&MMSec 2021)
  • code:

• 2021 NeuNAC: A novel fragile watermarking algorithm for integrity protection of neural networks (Marco Botta) University of Turin

  • paper: https://www.sciencedirect.com/science/article/pii/S0020025521006642 (Information Sciences 2021)
  • code:

• 2021 RIGA: Covert and Robust White-Box Watermarking of Deep Neural Networks (Tianhao Wang) Harvard University

  • paper: https://dl.acm.org/doi/pdf/10.1145/3442381.3450000 (WWW 2021)
  • code: https://github.com/Jiachen-T-Wang/riga

• 2022 DeepIPR: Deep Neural Network Ownership Verification With Passports (Lixin Fan) WeBank AI Lab

  • paper: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9454280 (TPAMI 2021)
  • code: https://github.com/kamwoh/DeepIPR

Black-box Watermarking

• 2018 Protecting Intellectual Property of Deep Neural Networks with Watermarking (Zhang) IBM Research

  • paper: https://dl.acm.org/doi/pdf/10.1145/3196494.3196550 (AsiaCCS 2018) Crack it in Chinese
  • code:

• 2018 Turning Your Weakness Into a Strength: Watermarking Deep Neural Networks by Backdooring (Yossi Adi) Bar-Ilan University

  • paper: https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-adi.pdf (USENIX 2018) Crack it in Chinese
  • code: https://github.com/adiyoss/WatermarkNN

• 2018 Watermarking Deep Neural Networks for Embedded Systems（Jia Guo）University of California, Los Angeles

  • paper: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8587745 (ICCAD 2018) Crack it in Chinese
  • code:

• 2019 BlackMarks: Blackbox Multibit Watermarking for Deep Neural Networks (Huili Chen) University of California San Diego

  • paper: https://arxiv.org/abs/1904.00344 (arXiv 2019)
  • code:

• 2019 Robust Watermarking of Neural Network with Exponential Weighting (Ryota Namba) University of Tsukuba

  • paper: https://dl.acm.org/doi/pdf/10.1145/3321705.3329808 (ASIACCS 2019) Crack it in Chinese
  • code: https://github.com/dunky11/exponential-weighting-watermarking

• 2019 How to Prove Your Model Belongs to You: A Blind-Watermark based Framework to Protect Intellectual Property of DNN (Zheng Li) Shandong University

  • paper: https://dl.acm.org/doi/pdf/10.1145/3359789.3359801 (ACSAC 2019) Crack it in Chinese
  • code: https://github.com/zhenglisec/Blind-Watermark-for-DNN

• 2019 AFA: Adversarial fingerprinting authentication for deep neural networks (Jingjing Zhao) Hubei University

  • paper: (Computer Communications 2019)
  • code:

• 2020 Secure neural network watermarking protocol against forging attack (Renjie Zhu) Fudan University

• paper: https://dl.acm.org/doi/abs/10.1186/s13640-020-00527-1 (EURASIP 2020)

• code:

• 2020 Adversarial frontier stitching for remote neural network watermarking (Erwan Le Merrer) Univ Rennes, Inria

  • paper: https://link.springer.com/article/10.1007/s00521-019-04434-z (Neural Computing and Applications 2020)
  • code: https://github.com/dunky11/adversarial-frontier-stitching

• 2020 Passport-aware Normalization for Deep Model Protection (Jie Zhang) USTC

  • paper: https://dl.acm.org/doi/pdf/10.5555/3495724.3497620 (NIPS 2020)
  • code:

• 2020 Protecting IP of Deep Neural Networks with Watermarking: A New Label Helps (Qi Zhong) Deakin University

  • paper: https://link.springer.com/chapter/10.1007/978-3-030-47436-2_35 (PAKDD 2020)
  • code:

• 2020 Active DNN IP Protection: A Novel User Fingerprint Management and DNN Authorization Control Technique (Mingfu Xue) NUAA

  • paper: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9343023 (TrustCom 2020)
  • code:

• 2021 IPGuard: Protecting Intellectual Property of Deep Neural Networks via Fingerprinting the Classification Boundary (Xiaoyu Cao) Duke University

  • paper: https://dl.acm.org/doi/pdf/10.1145/3433210.3437526 (ASIACCS 2021)
  • code:

• 2021 DEEP NEURAL NETWORK FINGERPRINTING BY CONFERRABLE ADVERSARIAL EXAMPLES (Nils Lukas) University of Waterloo

  • paper: https://openreview.net/pdf?id=VqzVhqxkjH1 (ICLR 2021)
  • code:

• 2021 Piracy-Resistant DNN Watermarking by Block-Wise Image Transformation with Secret Key (April Pyone Maung) Tokyo Metropolitan University

  • paper: https://dl.acm.org/doi/pdf/10.1145/3437880.3460398 (IH&MMSec 2021)
  • code:

• 2021 On the Robustness of Backdoor-based Watermarking in Deep Neural Networks (Masoumeh Shafieinejad) University of Waterloo

  • paper: https://dl.acm.org/doi/pdf/10.1145/3437880.3460401 (IH&MMSec 2021)
  • code: https://github.com/CodeSubmission642/WatermarkRobustness

• 2021 Protecting Intellectual Property of Generative Adversarial Networks from Ambiguity Attacks (Ding Sheng Ong) University of Malaya

  • paper: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9577609 (CVPR 2021)
  • code: https://github.com/dingsheng-ong/ipr-gan

• 2021 Watermarking Deep Neural Networks in Image Processing (Yuhui Quan) South China University of Technology

  • paper: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9093125 (TNNLS 2021)
  • code:

• 2023 Universal BlackMarks: Key-Image-Free Blackbox Multi-Bit Watermarking of Deep Neural Networks (Li Li) USTC

  • paper: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10025674 (SPL 2023)
  • code:

Non-box Watermarking

• 2020 Model Watermarking for Image Processing Networks (Jie Zhang) USTC

  • paper: https://cdn.aaai.org/ojs/6976/6976-13-10205-1-10-20200525.pdf (AAAI 2020)
  • code: https://github.com/ZJZAC/Deep-Model-Watermarking

• 2021 Watermarking Neural Networks with Watermarked Images (Wu) Shanghai University

  • paper: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9222304 (TCSVT 2021)
  • code:

• 2022 Deep Model Intellectual Property Protection via Deep Watermarking (Zhang) USTC

  • paper: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9373945 (TPAMI 2021)
  • code: https://github.com/ZJZAC/Deep-Model-Watermarking

Others

• 2021 Watermarking Deep Neural Networks with Greedy Residuals (Liu) Peking University

  • paper: http://proceedings.mlr.press/v139/liu21x/liu21x.pdf (ICML 2021)
  • code: https://github.com/eil/greedy-residuals

• 2022 Cosine Model Watermarking against Ensemble Distillation (Laurent Charette) Huawei Technologies Canada

  • paper: https://ojs.aaai.org/index.php/AAAI/article/view/21184# (AAAI 2022)
  • code:

• 2022 Certified Neural Network Watermarks with Randomized Smoothing (Arpit Bansal) University of Maryland

  • paper: https://proceedings.mlr.press/v162/bansal22a/bansal22a.pdf (ICML 2022)
  • code: https://github.com/arpitbansal297/certified_watermarks

• 2023 A novel model watermarking for protecting generative adversarial network (Qiao) Hangzhou Dianzi University

  • paper: https://www.sciencedirect.com/science/article/pii/S0167404823000123 (Computers and Security 2023)
  • code:

Attacks

• 2020 Removing Backdoor-Based Watermarks in Neural Networks with Limited Data (Liu) Tsinghua University

  • paper: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9412684 (ICPR 2020)
  • code:

• 2020 Dataset Inference: Ownership Resolution in Machine Learning (Pratyush Maini) University of Toronto and Vector Institute

  • paper: https://ppml-workshop.github.io/ppml20/pdfs/Maini_et_al.pdf (NeurIPS 2020)
  • code: https://github.com/cleverhans-lab/dataset-inference

For more information please refer to: https://github.com/20110240069/Watermark-Learning-Resources or https://fdmas.github.io/research/Neural_Network_Watermarking.html