In this paper, we present DSN (Deep Serial Number), a simple yet effective watermarking algorithm designed specifically for deep neural networks (DNNs). Unlike traditional watermarking methods, which embed an identification signal into a DNN so that ownership can be proven after the fact, our approach explores a different Intellectual Property (IP) protection mechanism for DNNs: it prevents an adversary from using a stolen network at all. Inspired by the success of serial numbers in safeguarding conventional software IP, we propose the first embedding of serial numbers within DNNs. DSN is integrated into a knowledge distillation framework: a private teacher DNN is trained first, and its knowledge is then distilled into a series of customized student DNNs, one per customer. Each student DNN functions correctly only when a valid serial number is supplied as part of its input. Experimental results across various applications demonstrate that DSN prevents unauthorized usage without compromising the performance of the original DNN. The experiments further show that DSN is resistant to different categories of watermark attacks.
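The abstract's central security claim is that a student network works only with a valid serial number. The harness below is an added example, not code from the DSN paper: it shows the check a practitioner would run against any serial-gated model exposed as `predict(x, serial)`. The model under test is a constructed stand-in (a nearest-centroid classifier whose class slots are scrambled by a SHA-256-derived permutation of the valid serial), not the paper's distilled DNN; the serial format, the centroids, the sample points and the thresholds are all assumptions. The harness measures accuracy against the teacher under the valid serial, under random invalid serials, and under near-miss serials one character away from the valid one, which is where a learned (rather than hash-gated) student is most likely to leak.

```python
"""Evaluation harness for a serial-number-gated classifier (constructed example).

Not the DSN paper's code. The 'student' is a toy stand-in whose class order is
scrambled under the valid serial; the checks apply to any model exposed as
predict(x, serial).
"""
import hashlib
import random

NUM_CLASSES = 8
VALID_SERIAL = "DSN-0001-7F3A"  # assumption: an arbitrary constructed serial string


def _make_centroids(seed=1):
    # Constructed teacher parameters: eight class centroids in the plane.
    rng = random.Random(seed)
    return [(rng.uniform(-10, 10), rng.uniform(-10, 10)) for _ in range(NUM_CLASSES)]


CENTROIDS = _make_centroids()


def _nearest(x, centroids):
    dist = [(x[0] - c[0]) ** 2 + (x[1] - c[1]) ** 2 for c in centroids]
    return min(range(len(centroids)), key=dist.__getitem__)


def teacher_predict(x):
    """Private teacher: nearest-centroid classifier (constructed stand-in)."""
    return _nearest(x, CENTROIDS)


def serial_to_permutation(serial):
    """Derive a class permutation from a serial via a SHA-256-seeded shuffle."""
    seed = int.from_bytes(hashlib.sha256(serial.encode()).digest()[:8], "big")
    perm = list(range(NUM_CLASSES))
    random.Random(seed).shuffle(perm)
    return perm


def _inverse(perm):
    inv = [0] * len(perm)
    for i, p in enumerate(perm):
        inv[p] = i
    return inv


class LockedStudent:
    """Stand-in student: the teacher's centroids, stored in a class order
    scrambled by the valid serial's permutation. Only that serial unscrambles
    the slot index back to the teacher's class label."""

    def __init__(self, valid_serial):
        perm = serial_to_permutation(valid_serial)
        self.scrambled = [None] * NUM_CLASSES
        for cls, c in enumerate(CENTROIDS):
            self.scrambled[perm[cls]] = c  # teacher class cls lives at slot perm[cls]

    def predict(self, x, serial):
        slot = _nearest(x, self.scrambled)
        return _inverse(serial_to_permutation(serial))[slot]


def accuracy(model, serial, points):
    """Agreement with the teacher when the model is driven with `serial`."""
    hits = sum(model.predict(x, serial) == teacher_predict(x) for x in points)
    return hits / len(points)


def near_miss_serials(serial):
    """Serials at edit distance 1: each character bumped to the next code point."""
    return [serial[:i] + chr(ord(ch) + 1) + serial[i + 1:] for i, ch in enumerate(serial)]


def random_serials(n, seed=7):
    rng = random.Random(seed)
    return ["DSN-%04d-%04X" % (rng.randrange(10000), rng.randrange(65536)) for _ in range(n)]


def sample_points(n=400, seed=3):
    # Constructed evaluation set: uniform points over the same square.
    rng = random.Random(seed)
    return [(rng.uniform(-10, 10), rng.uniform(-10, 10)) for _ in range(n)]


def evaluate(model, points, n_random=50):
    """Report how much of the teacher's function each kind of serial unlocks.
    Max values matter as much as means: one near-miss serial that unlocks
    most of the model is a leak even if the average looks like chance."""
    valid = accuracy(model, VALID_SERIAL, points)
    rnd = [accuracy(model, s, points) for s in random_serials(n_random) if s != VALID_SERIAL]
    near = [accuracy(model, s, points) for s in near_miss_serials(VALID_SERIAL)]
    return {
        "valid": valid,
        "invalid_mean": sum(rnd) / len(rnd),
        "invalid_max": max(rnd),
        "near_miss_mean": sum(near) / len(near),
        "near_miss_max": max(near),
        "chance": 1 / NUM_CLASSES,
    }


if __name__ == "__main__":
    report = evaluate(LockedStudent(VALID_SERIAL), sample_points())
    for name, value in report.items():
        print(f"{name:>15}: {value:.3f}")
```

For this hash-gated toy, a wrong serial yields an unrelated label permutation, so invalid and near-miss serials sit near chance (1/8) on average. A distilled student of the kind the abstract describes has no such hard guarantee, which is why the harness reports the maximum over near-miss serials as well as the mean.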