DeepMarks: A Digital Fingerprinting Framework for Deep Neural Networks

This paper proposes DeepMarks, a novel end-to-end framework for systematic fingerprinting in the context of Deep Learning (DL). Remarkable progress has been made in the area of deep learning. Sharing the trained DL models has become a trend that is ubiquitous in various fields ranging from biomedical diagnosis to stock prediction. As the availability and popularity of pre-trained models are increasing, it is critical to protect the Intellectual Property (IP) of the model owner. DeepMarks introduces the first fingerprinting methodology that enables the model owner to embed unique fingerprints within the parameters (weights) of her model and later identify undesired usages of her distributed models. The proposed framework embeds the fingerprints in the Probability Density Function (pdf) of trainable weights by leveraging the extra capacity available in contemporary DL models. DeepMarks is robust against fingerprints collusion as well as network transformation attacks, including model compression and model fine-tuning. Extensive proof-of-concept evaluations on MNIST and CIFAR10 datasets, as well as a wide variety of deep neural networks architectures such as Wide Residual Networks (WRNs) and Convolutional Neural Networks (CNNs), corroborate the effectiveness and robustness of DeepMarks framework

Multimedia

The nowadays ubiquitous and effortless digital data capture and processing capabilities offered by the majority of devices, lead to an unprecedented penetration of multimedia content in our everyday life. To make the most of this phenomenon, the rapidly increasing volume and usage of digitised content requires constant re-evaluation and adaptation of multimedia methodologies, in order to meet the relentless change of requirements from both the user and system perspectives. Advances in Multimedia provides readers with an overview of the ever-growing field of multimedia by bringing together various research studies and surveys from different subfields that point out such important aspects. Some of the main topics that this book deals with include: multimedia management in peer-to-peer structures & wireless networks, security characteristics in multimedia, semantic gap bridging for multimedia content and novel multimedia applications

Multimedia Protection using Content and Embedded Fingerprints

Improved digital connectivity has made the Internet an important medium for multimedia distribution and consumption in recent years. At the same time, this increased proliferation of multimedia has raised significant challenges in secure multimedia distribution and intellectual property protection. This dissertation examines two complementary aspects of the multimedia protection problem that utilize content fingerprints and embedded collusion-resistant fingerprints. The first aspect considered is the automated identification of multimedia using content fingerprints, which is emerging as an important tool for detecting copyright violations on user generated content websites. A content fingerprint is a compact identifier that captures robust and distinctive properties of multimedia content, which can be used for uniquely identifying the multimedia object. In this dissertation, we describe a modular framework for theoretical modeling and analysis of content fingerprinting techniques. Based on this framework, we analyze the impact of distortions in the features on the corresponding fingerprints and also consider the problem of designing a suitable quantizer for encoding the features in order to improve the identification accuracy. The interaction between the fingerprint designer and a malicious adversary seeking to evade detection is studied under a game-theoretic framework and optimal strategies for both parties are derived. We then focus on analyzing and understanding the matching process at the fingerprint level. Models for fingerprints with different types of correlations are developed and the identification accuracy under each model is examined. Through this analysis we obtain useful guidelines for designing practical systems and also uncover connections to other areas of research. A complementary problem considered in this dissertation concerns tracing the users responsible for unauthorized redistribution of multimedia. Collusion-resistant fingerprints, which are signals that uniquely identify the recipient, are proactively embedded in the multimedia before redistribution and can be used for identifying the malicious users. We study the problem of designing collusion resistant fingerprints for embedding in compressed multimedia. Our study indicates that directly adapting traditional fingerprinting techniques to this new setting of compressed multimedia results in low collusion resistance. To withstand attacks, we propose an anti-collusion dithering technique for embedding fingerprints that significantly improves the collusion resistance compared to traditional fingerprints

Collusion Resistive Framework for Multimedia Security

The recent advances in multimedia and Internet technology rises the need for multimedia security.The frequent distribution of multimedia content can cause security breach and violate copyright protection law.The legitimate user can come together to generate illegitimate copy to use it for unintended purpose.The most effective such kind of attack is collusion,involve group of user to contribute with their copies of content to generate a new copy. Fingerprinting,a unique mark is embedded have one to one corresponds with user,is the solution to tackle collusion attack problem.A colluder involve in collusion leaves its trace in alter copy,so the effectiveness of mounting a successful attack lies in how effectively a colluder alter the image by leaving minimum trace.A framework,step by step procedure to tackle collusion attack, involves fingerprint generation and embedding.Various fingerprint generation and embedding techniques are used to make collusion resistive framework effective.Spread spectrum embedding with coded modulation is most effective framework to tackle collusion attack problem.The spread spectrum framework shows high collusion resistant and traceability but it can be attacked with some special collusion attack like interleaving attack and combination of average attack.Various attacks have different post effect on multimedia in different domains. The thesis provide a detail analysis of various collusion attack in different domains which serve as basis for designing the framework to resist collusion.Various statistical and experimental resuslts are drwan to show the behavior of collusion attack.The thesis also proposed a framework here uses modified ECC coded fingerprint for generation and robust watermarking embedding using wave atom.The system shows high collusion resistance against various attack.Various experiments are are drawn and system shows high collusion resistance and much better performance than literature System

Collusion-resistant fingerprinting for multimedia in a broadcast channel environment

Digital fingerprinting is a method by which a copyright owner can uniquely embed a buyer-dependent, inconspicuous serial number (representing the fingerprint) into every copy of digital data that is legally sold. The buyer of a legal copy is then deterred from distributing further copies, because the unique fingerprint can be used to trace back the origin of the piracy. The major challenge in fingerprinting is collusion, an attack in which a coalition of pirates compare several of their uniquely fingerprinted copies for the purpose of detecting and removing the fingerprints. The objectives of this work are two-fold. First, we investigate the need for robustness against large coalitions of pirates by introducing the concept of a malicious distributor that has been overlooked in prior work. A novel fingerprinting code that has superior codeword length in comparison to existing work under this novel malicious distributor scenario is developed. In addition, ideas presented in the proposed fingerprinting design can easily be applied to existing fingerprinting schemes, making them more robust to collusion attacks. Second, a new framework termed Joint Source Fingerprinting that integrates the processes of watermarking and codebook design is introduced. The need for this new paradigm is motivated by the fact that existing fingerprinting methods result in a perceptually undistorted multimedia after collusion is applied. In contrast, the new paradigm equates the process of collusion amongst a coalition of pirates, to degrading the perceptual characteristics, and hence commercial value of the multimedia in question. Thus by enforcing that the process of collusion diminishes the commercial value of the content, the pirates are deterred from attacking the fingerprints. A fingerprinting algorithm for video as well as an efficient means of broadcasting or distributing fingerprinted video is also presented. Simulation results are provided to verify our theoretical and empirical observations

Anti-Collusion Fingerprinting for Multimedia

Digital fingerprinting is a technique for identifyingusers who might try to use multimedia content for unintendedpurposes, such as redistribution. These fingerprints are typicallyembedded into the content using watermarking techniques that aredesigned to be robust to a variety of attacks. A cost-effectiveattack against such digital fingerprints is collusion, whereseveral differently marked copies of the same content are combinedto disrupt the underlying fingerprints. In this paper, weinvestigate the problem of designing fingerprints that canwithstand collusion and allow for the identification of colluders.We begin by introducing the collusion problem for additiveembedding. We then study the effect that averaging collusion hasupon orthogonal modulation. We introduce an efficient detectionalgorithm for identifying the fingerprints associated with Kcolluders that requires O(K log(n/K)) correlations for agroup of n users. We next develop a fingerprinting scheme basedupon code modulation that does not require as many basis signalsas orthogonal modulation. We propose a new class of codes, calledanti-collusion codes (ACC), which have the property that thecomposition of any subset of K or fewer codevectors is unique.Using this property, we can therefore identify groups of K orfewer colluders. We present a construction of binary-valued ACCunder the logical AND operation that uses the theory ofcombinatorial designs and is suitable for both the on-off keyingand antipodal form of binary code modulation. In order toaccommodate n users, our code construction requires onlyO(sqrt{n}) orthogonal signals for a given number of colluders.We introduce four different detection strategies that can be usedwith our ACC for identifying a suspect set of colluders. Wedemonstrate the performance of our ACC for fingerprintingmultimedia and identifying colluders through experiments usingGaussian signals and real images.This paper has been submitted to IEEE Transactions on Signal Processing</I

Tardos fingerprinting is better than we thought

We review the fingerprinting scheme by Tardos and show that it has a much better performance than suggested by the proofs in Tardos' original paper. In particular, the length of the codewords can be significantly reduced. First we generalize the proofs of the false positive and false negative error probabilities with the following modifications: (1) we replace Tardos' hard-coded numbers by variables and (2) we allow for independently chosen false positive and false negative error rates. It turns out that all the collusion-resistance properties can still be proven when the code length is reduced by a factor of more than 2. Second, we study the statistical properties of the fingerprinting scheme, in particular the average and variance of the accusations. We identify which colluder strategy forces the content owner to employ the longest code. Using a gaussian approximation for the probability density functions of the accusations, we show that the required false negative and false positive error rate can be achieved with codes that are a factor 2 shorter than required for rigid proofs. Combining the results of these two approaches, we show that the Tardos scheme can be used with a code length approximately 5 times shorter than in the original construction.Comment: Modified presentation of result