In this paper, we present DSN (Deep Serial Number), a simple yet effective watermarking algorithm designed specifically for deep neural networks (DNNs). Unlike traditional methods that embed identification signals into DNNs, our approach explores a novel Intellectual Property (IP) protection mechanism for DNNs that prevents adversaries from using stolen networks at all. Inspired by the success of serial numbers in safeguarding conventional software IP, we propose the first implementation of serial number embedding within DNNs. To achieve this, DSN is integrated into a knowledge distillation framework: a private teacher DNN is trained first, and its knowledge is then distilled into a series of customized student DNNs. Each such customer DNN functions correctly only when a valid serial number is supplied as input. Experimental results across various applications demonstrate DSN's efficacy in preventing unauthorized usage without compromising the original DNN performance. The experiments further show that DSN is resistant to different categories of watermark attacks.