With their widespread application in industrial manufacturing and commercial services, well-trained deep neural networks (DNNs) are becoming increasingly valuable and crucial assets due to their tremendous training cost and excellent generalization performance. Thanks to the emerging "Machine Learning as a Service" (MLaaS) paradigm, users without much expert knowledge can use these trained models. However, this paradigm also exposes the expensive models to various potential threats such as model stealing and abuse. As an urgent requirement for defending against these threats, Deep Intellectual Property (DeepIP) protection, which aims to protect private training data, painstakingly tuned hyperparameters, or costly learned model weights, has become the consensus of both industry and academia. To this end, numerous approaches have been proposed in recent years, especially to prevent or discover model stealing and unauthorized redistribution. Given this period of rapid evolution, the goal of this paper is to provide a comprehensive survey of recent achievements in this field. More than 190 research contributions are included in this survey, covering many aspects of Deep IP Protection: challenges/threats, invasive solutions (watermarking), non-invasive solutions (fingerprinting), evaluation metrics, and performance. We finish the survey by identifying promising directions for future research.