Deep neural networks (DNNs) have achieved significant success in real-world applications. However, safeguarding their intellectual property (IP) remains extremely challenging. Existing DNN watermarking methods for IP protection often require modifying the DNN model, which reduces model performance and limits their practicality. This paper introduces FreeMark, a novel DNN watermarking framework that leverages cryptographic principles without altering the original host DNN model, thereby avoiding any reduction in model performance. Unlike traditional DNN watermarking methods, FreeMark generates secret keys from a pre-generated watermark vector and the host model using gradient descent. These secret keys, which are used to extract the watermark from the model's activation values, are securely stored with a trusted third party, enabling reliable watermark extraction from suspect models. Extensive experiments demonstrate that FreeMark effectively resists various watermark removal attacks while maintaining high watermark capacity.
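The workflow the abstract describes, as an added toy illustration that is not the paper's code: a watermark vector is fixed first, secret keys are then derived from it and from a frozen host model by gradient descent, and those keys are later applied to a suspect model's activation values to read the watermark back. The one-layer tanh host model, the choice of per-bit probe inputs plus a fixed readout vector as the "key", the hinge-loss optimisation, the weight-noise stand-in for a removal attack and every constant below are assumptions made for this example, not details taken from the paper.

```python
"""Toy illustration of the FreeMark idea in the abstract above: derive secret
keys by gradient descent from a pre-generated watermark vector and a FROZEN
host model, then recover the watermark from a suspect model's activation
values with those keys.  Added example, not the paper's code: the one-layer
tanh host model, the per-bit probe inputs, the fixed readout vector, the hinge
loss and every constant below are assumptions made for this illustration."""
import math
import random

D_IN, D_ACT, N_BITS = 16, 32, 64   # assumed toy sizes (input, activations, watermark bits)


def make_host_model(seed):
    """Host DNN stand-in: one tanh layer with fixed pseudo-random weights (W, b).
    Key generation only reads these weights; they are never modified."""
    rng = random.Random(seed)
    W = [[rng.uniform(-1, 1) / math.sqrt(D_IN) for _ in range(D_IN)] for _ in range(D_ACT)]
    b = [rng.uniform(-0.1, 0.1) for _ in range(D_ACT)]
    return W, b


def activations(model, x):
    """Activation values of the host model's hidden layer on input x."""
    W, b = model
    return [math.tanh(sum(w * xi for w, xi in zip(row, x)) + bi) for row, bi in zip(W, b)]


def make_watermark(seed):
    """Pre-generated watermark: N_BITS values in {-1, +1}, fixed before any key exists."""
    rng = random.Random(seed)
    return [rng.choice((-1, 1)) for _ in range(N_BITS)]


def generate_key(model, watermark, seed, lr=0.05, margin=1.5, max_steps=2000):
    """For every watermark bit i, run gradient ascent on a secret probe input x_i
    (the model stays frozen) until the readout score_i = v . activations(model, x_i)
    has sign watermark[i] with at least `margin` to spare (hinge loss).
    The key is (v, [x_1..x_N]); the sign pattern of the scores is the watermark."""
    W, _ = model
    rng = random.Random(seed)
    v = [rng.choice((-1.0, 1.0)) for _ in range(D_ACT)]        # fixed readout vector
    probes = []
    for w_i in watermark:
        x = [rng.choice((-1.0, 1.0)) for _ in range(D_IN)]
        for _ in range(max_steps):
            a = activations(model, x)
            score = sum(vj * aj for vj, aj in zip(v, a))
            if w_i * score >= margin:                            # hinge inactive: done
                break
            # d score / d x_k = sum_j v_j * (1 - a_j^2) * W[j][k]   (tanh derivative)
            grad = [sum(vj * (1 - aj * aj) * W[j][k] for j, (vj, aj) in enumerate(zip(v, a)))
                    for k in range(D_IN)]
            x = [xk + lr * w_i * gk for xk, gk in zip(x, grad)]  # push score toward w_i
        probes.append(x)
    return {"readout": v, "probes": probes}   # this is what the trusted third party stores


def extract_watermark(model, key):
    """Feed the stored probes to a suspect model and read the sign of each score."""
    v = key["readout"]
    bits = []
    for x in key["probes"]:
        score = sum(vj * aj for vj, aj in zip(v, activations(model, x)))
        bits.append(1 if score >= 0 else -1)
    return bits


def bit_agreement(bits, watermark):
    """Fraction of watermark bits recovered; about 0.5 means no evidence of ownership."""
    return sum(b == w for b, w in zip(bits, watermark)) / len(watermark)


def perturb(model, seed, scale=0.01):
    """Suspect model obtained by adding small Gaussian noise to every host weight,
    a crude stand-in for a fine-tuning-style watermark removal attempt."""
    rng = random.Random(seed)
    W, b = model
    return ([[w + rng.gauss(0, scale) for w in row] for row in W],
            [bi + rng.gauss(0, scale) for bi in b])


def demo():
    """Run the whole pipeline and return the bit agreement for three suspects."""
    host = make_host_model(seed=1)
    before = (tuple(map(tuple, host[0])), tuple(host[1]))
    wm = make_watermark(seed=2)
    key = generate_key(host, wm, seed=3)
    after = (tuple(map(tuple, host[0])), tuple(host[1]))
    return {
        "host_unmodified": before == after,      # the watermarking step changed no weight
        "exact_copy": bit_agreement(extract_watermark(host, key), wm),
        "noisy_copy": bit_agreement(extract_watermark(perturb(host, seed=4), key), wm),
        "unrelated": bit_agreement(extract_watermark(make_host_model(seed=99), key), wm),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point of the three suspects is the decision rule a verifier would apply: an exact or lightly perturbed copy reproduces the watermark bits, while an unrelated model with the same architecture agrees with roughly half of them, which is what chance gives. A real deployment would also need the watermark and keys to be generated before any dispute and the keys to be held by the trusted third party, so that a claimant cannot fit keys to a model after the fact.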