Generative adversarial networks (GANs) have shown remarkable success in image synthesis, making GAN models themselves commercially valuable to legitimate model owners. Therefore, it is critical to technically protect the intellectual property of GANs. Prior works need to tamper with the training set or training process, and they are not robust to emerging model extraction attacks. In this paper, we propose a new ownership protection method based on the common characteristics of a target model and its stolen models. Our method can be directly applicable to all well-trained GANs as it does not require retraining target models. Extensive experimental results show that our new method can achieve the best protection performance, compared to the state-of-the-art methods. Finally, we demonstrate the effectiveness of our method with respect to the number of generations of model extraction attacks, the number of generated samples, different datasets, as well as adaptive attacks.

翻译：生成对抗网络（GANs）在图像合成领域取得了显著成功，使得GAN模型本身对合法模型拥有者具有商业价值。因此，从技术角度保护GAN的知识产权至关重要。现有方法需要篡改训练集或训练过程，并且对新兴的模型提取攻击缺乏鲁棒性。本文提出了一种基于目标模型与其被盗模型共同特征的新型拥有权保护方法。我们的方法可直接适用于所有经过充分训练的GAN模型，因为无需重新训练目标模型。大量实验结果表明，与最先进方法相比，我们的新方法能够实现最佳的保护性能。最后，我们针对模型提取攻击的代数、生成样本数量、不同数据集以及自适应攻击验证了该方法的有效性。