公开(公告)号：US20220164417A1

公开(公告)日：2022-05-26

申请号：US17361994

申请日：2021-06-29

Applicant: KOREA ADVANCED INSTITUTE OF SCIENCE AND TECHNOLOGY

Inventor： Sooel Son ,  Suyoung Lee

IPC: G06F21/14 ,  G06F21/16 ,  G06N3/08

Abstract: Disclosed is a method of evaluating robustness of artificial neural network watermarking against model stealing attacks. The method of evaluating robustness of artificial neural network watermarking may include the steps of: training an artificial neural network model using training data and additional information for watermarking; collecting new training data for training a copy model of a structure the same as that of the trained artificial neural network model; training the copy model of the same structure by inputting the collected new training data into the copy model; and evaluating robustness of watermarking for the trained artificial neural network model through a model stealing attack executed on the trained copy model.