This project aims at training and watermarking an image classifier, using the method from this article: https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-adi.pdf
We define our own keys, or triggerset: a set of images that should have a predetermined output through the model, so that this behavior can be used to claim intellectual property of the model.
We will explore the parameters leading to the most efficient watermarking of a given model, as well as attacks on such a watermark.
Clément Véron
Hana Naji
Paul Lavandier
Thomas Bouinière
Rémi Godet
A team of students at CentraleSupélec.
User input should be limited to main.py.
You will define a dictionary, named analysis_params in our example. This dict describes all the steps of the program. It contains two lists of tuples as values: processes and analysis.
Processes
Processes describes the steps of building a model:
- some vanilla training "train" with the training parameters* (model_params dict) and the dataset to train on (data_params)
- some WM training step "wm" with training parameters*, triggerset (trigger_params) and training dataset
*The model_params training parameters specify whether the model should be saved or loaded, the classifier module used, and its hyperparams dict, which defines the model hyper-parameters; see details in nomenclature.md.
Analysis
Analysis describes the test steps of the model:
- you can choose the module (e.g. "accuracy") to test the model on
- add the needed parameters (see nomenclature.md)
- repeat for all tests needed (all WMs, all saved models)
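What a watermark test on the triggerset can check, as an added example (not this project's code and not the article's exact procedure): count how often the model outputs the predetermined key label, then ask how likely that agreement is by chance. The function names, the `alpha` threshold and the null model (an unmarked model hits each key with probability 1/num_classes, independently) are assumptions of this sketch.

```python
from math import comb

def trigger_matches(predictions, key_labels):
    """Count trigger images whose predicted label equals the owner's key label."""
    if len(predictions) != len(key_labels):
        raise ValueError("one prediction per trigger image is required")
    return sum(p == k for p, k in zip(predictions, key_labels))

def chance_probability(matches, n, num_classes):
    """P[X >= matches] for X ~ Binomial(n, 1/num_classes): the probability that a
    model which never saw the triggerset agrees with the keys at least this often."""
    p = 1.0 / num_classes  # assumed null model: uniform, independent guesses
    return sum(comb(n, i) * p**i * (1 - p)**(n - i) for i in range(matches, n + 1))

def verify_watermark(predictions, key_labels, num_classes, alpha=1e-6):
    """Claim the watermark only if the agreement is too high to be chance."""
    if not key_labels:
        raise ValueError("empty triggerset")
    n = len(key_labels)
    m = trigger_matches(predictions, key_labels)
    p_value = chance_probability(m, n, num_classes)
    return {"matches": m, "trigger_accuracy": m / n,
            "p_value": p_value, "claimed": p_value < alpha}

# Constructed sample data: 20 trigger images with key labels over 10 classes.
KEYS = [(7 * i + 3) % 10 for i in range(20)]
# Constructed outputs of a watermarked model that lost one key (e.g. after fine-tuning).
MARKED = [(k + 1) % 10 if i == 4 else k for i, k in enumerate(KEYS)]
# Constructed outputs of an unrelated model that hits two keys by coincidence.
UNMARKED = [k if i % 10 == 0 else (k + 1) % 10 for i, k in enumerate(KEYS)]

if __name__ == "__main__":
    for name, preds in (("marked", MARKED), ("unmarked", UNMARKED)):
        print(name, verify_watermark(preds, KEYS, num_classes=10))
```

Reporting the chance probability next to the triggerset accuracy makes the effect of triggerset size visible: the same accuracy on a larger triggerset gives a much stronger claim.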
To view draw.io files in the VS Code editor, add this extension:
- Name: Draw.io Integration
- Id: hediet.vscode-drawio
- Publisher: Henning Dieterichs
- VS Marketplace Link: https://marketplace.visualstudio.com/items?itemName=hediet.vscode-drawio