In recent decades, Generative Adversarial Network (GAN) and its variants have achieved unprecedented success in image synthesis. However, well-trained GANs are under the threat of illegal steal or leakage. The prior studies on remote ownership verification assume a black-box setting where the defender can query the suspicious model with specific inputs, which we identify is not enough for generation tasks. To this end, in this paper, we propose a novel IP protection scheme for GANs where ownership verification can be done by checking outputs only, without choosing the inputs (i.e., box-free setting). Specifically, we make use of the unexploited potential of the discriminator to learn a hypersphere that captures the unique distribution learned by the paired generator. Extensive evaluations on two popular GAN tasks and more than 10 GAN architectures demonstrate our proposed scheme to effectively verify the ownership. Our proposed scheme shown to be immune to popular input-based removal attacks and robust against other existing attacks. The source code and models are available at https://github.com/AbstractTeen/gan_ownership_verification

翻译：近几十年来，生成对抗网络（GAN）及其变体在图像合成领域取得了前所未有的成功。然而，训练良好的生成对抗网络正面临非法窃取或泄露的威胁。以往关于远程所有权验证的研究通常假设黑盒设置，即防御方能够通过特定输入查询可疑模型，但我们认为这种方式对生成任务而言并不充分。为此，本文提出一种新颖的GAN知识产权保护方案，该方案仅需检查输出即可完成所有权验证，而无需选择输入（即无框设置）。具体而言，我们利用判别器未被充分开发的潜力来学习一个超球面，该超球面能够捕获配对生成器所学习的独特分布。在两项主流GAN任务及超过10种GAN架构上的广泛评估表明，我们提出的方案能够有效验证所有权。该方案被证明对基于输入的常见去除攻击具有免疫性，并能抵御其他现有攻击。源代码和模型已开源，详见https://github.com/AbstractTeen/gan_ownership_verification。