A new piracy-resistant DNN watermarkingmethod based on secret key and block-wise imagetransformations

Abstract In this paper, we propose a new DNN watermarking method that can be usedfor copyright protection of DNN models. This method utilizes learnable blockwiseimage transformation techniques and a secret key to embed watermarkinto a DNN model. Additionally, the method utilizes a black-box watermarkingapproach that does not require a specific predefined training set or triggerset, allowing remote verification of model ownership. Therefore, this method canachieve copyright protection for DNN models by authentication methods for DNNmodels. Experimental results on the CIFAR-10 dataset show that this method ispiracy-resistant and allows the trained DNN models to maintain a high level ofaccuracy in image classification.In addition,the original watermark is not easilyoverwritten by a pirated watermark, showing robustness against fine-tuning andpruning attacks.