Deep neural networks (DNNs) have achieved tremendous success in artificial intelligence (AI). However, DNN models can easily be copied, redistributed, or abused illegally by criminals, seriously damaging the interests of model inventors. Copyright protection of DNN models by neural network watermarking has been studied, but establishing a traceability mechanism that determines which authorized user leaked a model is a new problem driven by the demand for AI services. Because the existing traceability mechanisms are designed for models without watermarks, they generate a small number of false positives. Existing black-box active protection schemes have loose authorization control and are vulnerable to forgery attacks. Therefore, based on the idea of black-box neural network watermarking combined with video framing and an image perceptual hash algorithm, a passive copyright protection and traceability framework (PCPT) is proposed. It uses an additional class of the DNN model, improving the existing traceability mechanism that yields a small number of false positives. Based on an authorization control strategy and the image perceptual hash algorithm, an active DNN model copyright protection and traceability framework (ACPT) is also proposed. ACPT uses an authorization control center built from a detector and a verifier. It realizes stricter authorization control, which establishes a strong connection between users and model owners, improves the security of the framework, and supports traceability verification.
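The abstract relies on an image perceptual hash to tie a user-specific trigger image to an authorization record, so that a verifier can later recognize the image even after mild distortion. The following block is an added illustration of that building block, not code from the paper or the PCPT/ACPT frameworks: it implements a plain average hash (an assumption; the paper does not state which perceptual hash it uses), a Hamming-distance comparison, and a minimal `AuthorizationCenter` registry standing in for the detector/verifier role. The sample images and the `user-A`/`user-B` identifiers are constructed for the example.

```python
# Added example: perceptual (average) hash plus a toy authorization registry.
# Not the paper's code; the hash variant and the registry structure are assumptions.

HASH_SIDE = 8  # 8x8 grid -> 64-bit hash


def downscale(img, size=HASH_SIDE):
    """Block-average a grayscale image (list of rows, 0-255 ints) down to size x size."""
    h, w = len(img), len(img[0])
    out = []
    for i in range(size):
        y0, y1 = i * h // size, (i + 1) * h // size
        row = []
        for j in range(size):
            x0, x1 = j * w // size, (j + 1) * w // size
            block = [img[y][x] for y in range(y0, y1) for x in range(x0, x1)]
            row.append(sum(block) / len(block))
        out.append(row)
    return out


def average_hash(img):
    """Average hash: each cell of the 8x8 thumbnail becomes 1 if it is brighter than the mean.
    Bits are emitted row by row, left to right, first cell in the most significant bit."""
    small = downscale(img)
    mean = sum(v for row in small for v in row) / (HASH_SIDE * HASH_SIDE)
    h = 0
    for row in small:
        for v in row:
            h = (h << 1) | (1 if v > mean else 0)
    return h


def hamming(a, b):
    """Number of differing bits between two 64-bit hashes."""
    return bin(a ^ b).count("1")


class AuthorizationCenter:
    """Toy verifier: maps a registered trigger image's hash to a user id and
    recognizes a presented image if its hash is within `threshold` bits."""

    def __init__(self, threshold=5):
        self.threshold = threshold
        self.registry = {}  # user_id -> hash

    def register(self, user_id, trigger_image):
        self.registry[user_id] = average_hash(trigger_image)

    def verify(self, trigger_image):
        """Return the user id whose registered hash is closest, or None if no
        registered hash is within the threshold."""
        if not self.registry:
            return None
        h = average_hash(trigger_image)
        user, dist = min(
            ((u, hamming(h, r)) for u, r in self.registry.items()), key=lambda t: t[1]
        )
        return user if dist <= self.threshold else None


# Constructed 16x16 grayscale sample images.
def gradient_image():
    return [[x * 16 for x in range(16)] for _ in range(16)]


def noisy_gradient_image():
    # Same gradient with small +3 perturbations: a mildly distorted trigger.
    return [[x * 16 + (3 if (x + y) % 3 == 0 else 0) for x in range(16)] for y in range(16)]


def checkerboard_image():
    return [[255 if (x // 2 + y // 2) % 2 == 0 else 0 for x in range(16)] for y in range(16)]


if __name__ == "__main__":
    center = AuthorizationCenter()
    center.register("user-A", gradient_image())
    center.register("user-B", checkerboard_image())
    print(hex(average_hash(gradient_image())), hex(average_hash(checkerboard_image())))
    print(center.verify(noisy_gradient_image()))  # user-A: distortion stays within threshold
```

The threshold is the security-relevant knob: too large and unrelated images collide with a registered user (a false positive in tracing), too small and a legitimately transmitted trigger image fails after lossy re-encoding. With 64-bit hashes, two structurally unrelated images typically differ in roughly half the bits, so a threshold of a few bits leaves a wide margin.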