WatermarkNN: Evaluating Black-Box Watermarking in DNN
Description
Context and methodology
- The datasets were created within the project WatermarkNN: Evaluating Black-Box Watermarking Robustness in Deep Learning. The aim is to study how robust neural watermarking techniques remain under black-box access by training and evaluating image-classification models with embedded trigger sets.
- The main purpose is to validate the results for peer review.
Technical details
P1 — results.csv
Type: Structured text (CSV)
Purpose: Contains evaluation metrics such as training/test accuracy, attack retention, and robustness statistics.
Methodology: Generated during training and evaluation of watermarked and baseline SqueezeNet models.
Structure: Tabular CSV; rows represent experiments; columns contain metric names and numerical results.
Software: Any spreadsheet tool; typically read with Python (pandas).
Notes: No sensitive data.
P2 — TransformedMNIST
Type: Structured text (CSV)
Purpose: MNIST after applying standard ImageNet-like preprocessing steps for uniformity with the model pipeline.
Methodology: MNIST 28×28 grayscale images processed through resizing, normalization, and channel expansion.
Structure: CSV containing per-sample pixel values or derived features.
Software: Python; compatible with common machine-learning toolchains.
Notes: No sensitive data.
P3 — TransformedFashionMNIST
Type: Structured text (CSV)
Purpose: Fashion-MNIST transformed using the same ImageNet preprocessing pipeline as P2.
Methodology: Identical to the process used for TransformedMNIST.
Structure: CSV; each entry corresponds to a transformed Fashion-MNIST sample.
Software: Python.
Notes: No sensitive data.
P4 — SqueezenetScratchMNISTEmbedded (.caffemodel)
Type: Configuration/model data (Caffe model)
Purpose: SqueezeNet model trained from scratch on MNIST with an embedded trigger set for watermarking evaluation.
Methodology: Training with custom triggers (R3) embedded into selected samples.
Structure: Caffe model binary (weights + architecture).
Software: Caffe, Python wrappers.
Notes: No sensitive data.
P5 — SqueezenetScratchFashionMNISTEmbedded (.caffemodel)
Type: Configuration/model data (Caffe model)
Purpose: Equivalent to P4 but trained on Fashion-MNIST.
Methodology: Same embedding procedure; trained from scratch with injected trigger patterns.
Structure: Caffe model binary.
Software: Caffe.
Notes: No sensitive data.
R3 — Trigger Set
Source: https://github.com/adiyoss/WatermarkNN/tree/master/data/trigger_set/pics
Content: Small set of trigger images used to embed a digital watermark into models.
Use: Watermark embedding for P4 and P5.
_________________________________________________________
Additionally, a snapshot of the repository tied to the results is included as a zip archive.
The final report describing the methodology is also included as a PDF:
Final_report.pdf
Technical info (English)
License mapping:
P1 = CC-BY-4.0
P2 = CC-BY-SA-4.0
P3 = CC-BY-SA-4.0
P4 = BSD-2-Clause
P5 = BSD-2-Clause
R3 = CC0
CODE = MIT
Files (561.6 MiB)
Additional details
Related works
- Is documented by: Data Management Plan, DOI 10.5281/zenodo.17650613