Official PyTorch implementation of the paper: "Protecting Intellectual Property of Generative Adversarial Networks from Ambiguity Attack"
Updated on November 9, 2021
Ever since Machine Learning as a Service (MLaaS) emerged as a viable business that uses deep learning models to generate lucrative revenue, Intellectual Property Right (IPR) has become a major concern, because these deep learning models can easily be replicated, shared, and redistributed by unauthorized third parties. To the best of our knowledge, one of the prominent deep learning models, Generative Adversarial Networks (GANs), which have been widely used to create photorealistic images, is totally unprotected despite the existence of pioneering IPR protection methodology for Convolutional Neural Networks (CNNs). This paper therefore presents a complete protection framework in both black-box and white-box settings to enforce IPR protection on GANs. Empirically, we show that the proposed method does not compromise the original GANs' performance (i.e. image generation, image super-resolution, style transfer) and, at the same time, is able to withstand both removal and ambiguity attacks against embedded watermarks.
Figure 1: Overview of our proposed GANs protection framework in black-box setting.
The code is tested on Python 3.8.8 and PyTorch 1.8.0.
$ pip install -r requirements.txt
Modify the config files in configs/, then run the following command:
$ python train.py -c configs/<path-to-yaml-file>
$ tensorboard --logdir log/
$ python eval.py -l log/<directory> -s sample/
To evaluate CycleGAN on CityScapes, you can use the code in scripts/. You need to rename the trained log directory log/CycleGAN-XXXX-CITY-X to scripts/log and run run.py. Next, you need to download the fcn-8s-cityscapes.caffemodel and put it in scripts/caffemodel directory (Please see the original CycleGAN repo). Finally, you should put the cityscapes ground-truth images in scripts/gt/. The file structure should be as shown below:
scripts/
├─ caffemodel/
│ ├─ deploy.prototxt
│ └─ fcn-8s-cityscapes.caffemodel
├─ gt/
│ ├─ 1.png
│ ├─ ...
│ └─ 499.png
├─ log/
│ ├─ samples
│ │ ├─ 1.png
│ │ ├─ ...
│ │ └─ 499.png
│ ├─ metrics.json
│ └─ ...
├─ Dockerfile
├─ labels.py
└─ run.py
Then, run python run.py to start the evaluation.
$ python attack.py -l log/<directory> -m <finetune/overwrite> -w <path-to-new-watermark> -d <to-load-discriminator>
$ python prune.py -l log/<directory> -s sample/
$ python sign_flip.py -l log/<directory> -s sample/
If you find this work useful for your research, please cite:
@inproceedings{GanIPR,
title={Protecting Intellectual Property of Generative Adversarial Networks from Ambiguity Attack},
author={Ong, Ding Sheng and Chan, Chee Seng and Ng, Kam Woh and Fan, Lixin and Yang, Qiang},
booktitle={Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR)},
year={2021},
}
Suggestions and opinions on this work (both positive and negative) are greatly welcomed. Please contact the authors by sending an email to sheng970303@gmail.com or cs.chan@um.edu.my.
The project is open source under BSD-3 license (see the LICENSE file).
©2021 University of Malaya and WeBank.