Watermark Embedding Dataset under Typical Rewriting Attacks
Indexed by the National Basic Science Data Center (国家基础学科公共科学数据中心) on 2026-01-30
Download link:
https://nbsdc.cn/general/dataDetail?id=6873953e195d2621a90efee4&type=1
Resource description:
This dataset is constructed to address the threat of rewriting attacks targeting deep learning model watermarking technologies. As a mainstream technology for digital intellectual property (IP) protection, neural network watermarking plays a critical role in preventing model theft. However, attackers can bypass copyright verification mechanisms via watermark rewriting attacks, severely undermining the effectiveness of model intellectual property protection systems. To mitigate this issue, our project team adopted the representative image classification model ResNet-18 as the base architecture, developed protected models through three innovative watermark embedding approaches, and systematically conducted typical rewriting attacks to evaluate the survivability of the embedded watermarks. Experimental results show that the proposed methods achieve an average bit error rate (BER) of 26.45% against typical rewriting attacks, demonstrating good robustness. On this basis, the project team constructed a watermark embedding dataset under typical rewriting attack scenarios, providing a solid benchmark and technical foundation for subsequent research on robust neural network ownership verification methods.
Provided by:
National University of Defense Technology, Chinese People's Liberation Army
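Collected summary
Dataset introduction

Background and challenges
Background overview
This dataset was built to address the threat that rewriting attacks pose to deep learning model watermarking. It uses ResNet-18 as the base architecture, generates protected models with three innovative watermark embedding methods, and systematically carries out typical rewriting attacks to test watermark survivability. Test results show that, against typical rewriting attacks, the proposed methods have an average bit error rate of 26.45%, demonstrating good robustness. The dataset provides a solid benchmark and technical foundation for subsequent research on robust neural network ownership verification methods.
The above content was collected and summarized by 遇见数据集.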



