面向典型移除攻击的水印提取数据集

本数据集面向鲁棒神经网络水印算法需求构建。水印作为保护神经网络知识产权的有效手段，日益受到学术界和工业界的重视。但是现有的神经网络水印方法往往存在鲁棒性不足的弊端，在实际部署情境中，攻击者可以通过模型剪枝、微调等典型移除攻击手段去除水印信息。为此，项目组提出了一种鲁棒的水印嵌入算法，并在典型图像分类模型上进行测试与验证。结果表明，所提方法在面对典型水印移除攻击（模型剪枝）时具有优异的鲁棒性。在剪枝率为60%时，平均水印提取成功率大于95%。在此基础上，项目组构建了面向典型移除攻击的水印提取数据集，包含训练数据集，算法代码和模型权重等数据，为后续高鲁棒性的模型水印技术研究提供了基准方法与技术基础。

This dataset is constructed to meet the requirements of robust neural network watermarking algorithms. As an effective means to protect the intellectual property of neural networks, watermarking has attracted increasing attention from both academia and industry. However, existing neural network watermarking methods often suffer from the drawback of insufficient robustness. In practical deployment scenarios, attackers can remove watermark information via typical removal attacks such as model pruning and fine-tuning. To address this issue, the research team proposes a robust watermark embedding algorithm, which is tested and verified on typical image classification models. The results demonstrate that the proposed method exhibits excellent robustness against typical watermark removal attacks (specifically model pruning). When the pruning rate reaches 60%, the average watermark extraction success rate exceeds 95%. On this basis, the research team constructs a watermark extraction dataset for typical removal attacks, which includes training datasets, algorithm codes, model weights and other relevant data. This work provides benchmark methods and technical foundations for subsequent research on highly robust neural network watermarking technologies.