DeepMarks: A Digital Fingerprinting Framework for Deep Neural Networks

This paper proposes DeepMarks, a novel end-to-end framework for systematic fingerprinting in the context of Deep Learning (DL). Remarkable progress has been made in the area of deep learning. Sharing the trained DL models has become a trend that is ubiquitous in various fields ranging from biomedical diagnosis to stock prediction. As the availability and popularity of pre-trained models are increasing, it is critical to protect the Intellectual Property (IP) of the model owner. DeepMarks introduces the first fingerprinting methodology that enables the model owner to embed unique fingerprints within the parameters (weights) of her model and later identify undesired usages of her distributed models. The proposed framework embeds the fingerprints in the Probability Density Function (pdf) of trainable weights by leveraging the extra capacity available in contemporary DL models. DeepMarks is robust against fingerprints collusion as well as network transformation attacks, including model compression and model fine-tuning. Extensive proof-of-concept evaluations on MNIST and CIFAR10 datasets, as well as a wide variety of deep neural networks architectures such as Wide Residual Networks (WRNs) and Convolutional Neural Networks (CNNs), corroborate the effectiveness and robustness of DeepMarks framework

Multimedia Protection using Content and Embedded Fingerprints

Improved digital connectivity has made the Internet an important medium for multimedia distribution and consumption in recent years. At the same time, this increased proliferation of multimedia has raised significant challenges in secure multimedia distribution and intellectual property protection. This dissertation examines two complementary aspects of the multimedia protection problem that utilize content fingerprints and embedded collusion-resistant fingerprints. The first aspect considered is the automated identification of multimedia using content fingerprints, which is emerging as an important tool for detecting copyright violations on user generated content websites. A content fingerprint is a compact identifier that captures robust and distinctive properties of multimedia content, which can be used for uniquely identifying the multimedia object. In this dissertation, we describe a modular framework for theoretical modeling and analysis of content fingerprinting techniques. Based on this framework, we analyze the impact of distortions in the features on the corresponding fingerprints and also consider the problem of designing a suitable quantizer for encoding the features in order to improve the identification accuracy. The interaction between the fingerprint designer and a malicious adversary seeking to evade detection is studied under a game-theoretic framework and optimal strategies for both parties are derived. We then focus on analyzing and understanding the matching process at the fingerprint level. Models for fingerprints with different types of correlations are developed and the identification accuracy under each model is examined. Through this analysis we obtain useful guidelines for designing practical systems and also uncover connections to other areas of research. A complementary problem considered in this dissertation concerns tracing the users responsible for unauthorized redistribution of multimedia. Collusion-resistant fingerprints, which are signals that uniquely identify the recipient, are proactively embedded in the multimedia before redistribution and can be used for identifying the malicious users. We study the problem of designing collusion resistant fingerprints for embedding in compressed multimedia. Our study indicates that directly adapting traditional fingerprinting techniques to this new setting of compressed multimedia results in low collusion resistance. To withstand attacks, we propose an anti-collusion dithering technique for embedding fingerprints that significantly improves the collusion resistance compared to traditional fingerprints

Anti-Collusion Fingerprinting for Multimedia

Digital fingerprinting is a technique for identifyingusers who might try to use multimedia content for unintendedpurposes, such as redistribution. These fingerprints are typicallyembedded into the content using watermarking techniques that aredesigned to be robust to a variety of attacks. A cost-effectiveattack against such digital fingerprints is collusion, whereseveral differently marked copies of the same content are combinedto disrupt the underlying fingerprints. In this paper, weinvestigate the problem of designing fingerprints that canwithstand collusion and allow for the identification of colluders.We begin by introducing the collusion problem for additiveembedding. We then study the effect that averaging collusion hasupon orthogonal modulation. We introduce an efficient detectionalgorithm for identifying the fingerprints associated with Kcolluders that requires O(K log(n/K)) correlations for agroup of n users. We next develop a fingerprinting scheme basedupon code modulation that does not require as many basis signalsas orthogonal modulation. We propose a new class of codes, calledanti-collusion codes (ACC), which have the property that thecomposition of any subset of K or fewer codevectors is unique.Using this property, we can therefore identify groups of K orfewer colluders. We present a construction of binary-valued ACCunder the logical AND operation that uses the theory ofcombinatorial designs and is suitable for both the on-off keyingand antipodal form of binary code modulation. In order toaccommodate n users, our code construction requires onlyO(sqrt{n}) orthogonal signals for a given number of colluders.We introduce four different detection strategies that can be usedwith our ACC for identifying a suspect set of colluders. Wedemonstrate the performance of our ACC for fingerprintingmultimedia and identifying colluders through experiments usingGaussian signals and real images.This paper has been submitted to IEEE Transactions on Signal Processing</I

Anticollusion solutions for asymmetric fingerprinting protocols based on client side embedding

In this paper, we propose two different solutions for making a recently proposed asymmetric fingerprinting protocol based on client-side embedding robust to collusion attacks. The first solution is based on projecting a client-owned random fingerprint, securely obtained through existing cryptographic protocols, using for each client a different random matrix generated by the server. The second solution consists in assigning to each client a Tardos code, which can be done using existing asymmetric protocols, and modulating such codes using a specially designed random matrix. Suitable accusation strategies are proposed for both solutions, and their performance under the averaging attack followed by the addition of Gaussian noise is analytically derived. Experimental results show that the analytical model accurately predicts the performance of a realistic system. Moreover, the results also show that the solution based on independent random projections outperforms the solution based on Tardos codes, for different choices of parameters and under different attack models

A new fingerprint design using optical orthogonal codes

Digital fingerprinting has been proposed to restrict illegal distribution of digital media, where every piece of media has a unique fingerprint as an identifying feature that can be traceable. However, fingerprint systems are vulnerable when multiple users form collusion by combining their copies to create a forged copy. The collusion is modeled as an average linear attack, where multiple weighted copies are averaged and the Gaussian noise is then added to the averaged copy. In this thesis, a new fingerprint design with robustness to collusion is proposed, which is to accommodate more users and parameters than other existing fingerprint designs. A base matrix is constructed by cyclic shifts of binary sequences in an optical orthogonal code and then extended by a Hadamard matrix. Finally, each column of the resulting matrix is used as a fingerprint. The focused detection is used to determine whether a user is innocent or guilty in average linear attacks. Simulation results show that the performance of our new fingerprint design is comparable to that of orthogonal and simplex fingerprints

A Joint Coding and Embedding Framework for Multimedia Fingerprinting

Technology advancement has made multimedia content widely available and easy to process. These benefits also bring ease to unauthorized users who can duplicate and manipulate multimedia content, and redistribute it to a large audience. Unauthorized distribution of information has posed serious threats to government and commercial operations. Digital fingerprinting is an emerging technology to protect multimedia content from such illicit redistribution by uniquely marking every copy of the content distributed to each user. One of the most powerful attacks from adversaries is collusion attack where several different fingerprinted copies of the same content are combined together to attenuate or even remove the fingerprints. An ideal fingerprinting system should be able to resist such collusion attacks and also have low embedding and detection computational complexity, and require low transmission bandwidth. To achieve aforementioned requirements, this thesis presents a joint coding and embedding framework by employing a code layer for efficient fingerprint construction and leveraging the embedding layer to achieve high collusion resistance. Based on this framework, we propose two new joint-coding-embedding techniques, namely, permuted subsegment embedding and group-based joint-coding-embedding fingerprinting. We show that the proposed fingerprinting framework provides an excellent balance between collusion resistance, efficient construction, and efficient detection. The proposed joint coding and embedding techniques allow us to model both coded and non-coded fingerprinting under the same theoretical model, which can be used to provide guidelines of choosing parameters. Based on the proposed joint coding and embedding techniques, we then consider real-world applications, such as DVD movie mass distribution and cable TV, and develop practical algorithms to fingerprint video in such challenging practical settings as to accommodate more than ten million users and resist hundreds of users' collusion. Our studies show a high potential of joint coding and embedding to meet the needs of real-world large-scale fingerprinting applications. The popularity of the subscription based content services, such as cable TV, inspires us to study the content protection in such scenario where users have access to multiple contents and thus the colluders may pirate multiple movie signals. To address this issue, we exploit the temporal dimension and propose a dynamic fingerprinting scheme that adjusts the fingerprint design based on the detection results of previously pirated signals. We demonstrate the advantages of the proposed dynamic fingerprinting over conventional static fingerprinting. Other issues related to multimedia fingerprinting, such as fingerprinting via QIM embedding, are also discussed in this thesis