Shengzhi Zhang
Boston University Metropolitan College
Abstract
This talk explores the challenges of watermarking deep neural networks (DNNs) and presents our recent research efforts to address them. DNNs represent valuable intellectual property (IP) because of the significant expertise, effort, and computational resources required for their development, training, validation, and commercialization. However, model theft poses a serious threat, making IP protection increasingly difficult. Attackers can manipulate a stolen DNN model using various techniques, such as pruning, fine-tuning, transfer learning, functionality-equivalent transformation, and kernel modification, to erase embedded watermarks and thereby undermine IP protection. Additionally, they may detect and remove existing watermarks before embedding their own in order to falsely claim ownership. Our research focuses on designing robust and reliable watermarking techniques that withstand these attacks, ensuring effective IP protection and ownership verification. Specifically, we have developed a watermark with a theoretical proof of resistance to fine-tuning attacks, a watermarking method that does not depend on the original training dataset, a watermarking mechanism for self-supervised learning (SSL) encoders, and a watermarking approach resilient to model extraction attacks.
About the Speaker
Dr. Shengzhi Zhang is an Associate Professor and Associate Chair in the Computer Science Department at Boston University Metropolitan College. Prior to joining BU, he was an Assistant Professor at the Florida Institute of Technology and held research positions at IBM Research Lab, Honeywell Aerospace, and Cisco R&D. He earned his Ph.D. in Computer Science and Engineering from Penn State University in 2012. Dr. Zhang’s research focuses on AI security, IoT security, system security, vehicle security, and mobile security. He has contributed extensively to the field through numerous publications and has served on program committees for top-tier security conferences and journals.