| 1 Functions | 2 Reference Architecture | 3 I/O Data |
| 4 Functions of AI Modules | 5 I/O Data of AI Modules | 6 AIW, AIMs, and JSON Metadata |
| 7 Reference Software | 8 Conformance Texting | 9 Performance Assessment |
1 Functions
The With Inference Robustness (NNW-WIR) receives watermarked parameters, the testing dataset, the payload and provides both the retrieved payload and the number of incorrect bits (Count error).
2 Reference Model
Figure 1 specifies the With Inference Robustness (NNW-WIR) Reference Model including the input/output data, the AIMs, and the data exchanged between and among the AIMs.
Figure 1 – Reference Model of With Inference Robustness (NNW-WIR))
The operation of With Inference Robustness (NNW-WIR) develops in the following way:
- A user provides
- The Original payload
- The Testing dataset
- The Watermarked parameters
- The machine provides
- The Count Error
- The Retrieved Payload
3 I/O Data
The input and output data of the With Inference Robustness (NNW-WIR) Use Case are:
Table 1 – I/O Data of With Inference Robustness (NNW-WIR)
| Input | Descriptions |
| Original Payload | The information originally inserted. |
| Testing dataset | A set of input to do the inference. |
| Watermarked parameters | The parameters of a watermarked AIM. |
| Output | Descriptions |
| Count error | The number of incorrect bits in the retrieved payload. |
| Retrieved payload | The output of the decoding procedure of the watermarking method. |
4 Functions of AI Modules
Table 2 provides the functions of the With Inference Robustness (NNW-WIR) Use Case.
Table 2 – Functions of AI Modules of With Inference Robustness (NNW-WIR)
| AIM | Function |
| Modification module | Modifies the parameters of the watermarked AIM. |
| Modified AIM | Produces inference using the testing dataset and the modified parameters. |
| WIR Watermark Decoder | Retrieves the payload using the watermarking method. |
| Comparator | Compares the retrieved payload to the original payload. |
5 I/O Data of AI Modules
The AI Modules of With Inference Robustness (NNW-WIR) are given in Table 3.
Table 3 – AI Modules of With Inference Robustness (NNW-WIR)
| AIM | Receives | Produces |
| Modification module | Watermarked parameters | Modified parameters |
| Modified AIM | 1. Testing dataset
2. Modified parameters |
Modified inference |
| WIR Watermark Decoder | Modified inference | Retrieved payload |
| Comparator | 1. Original payload
2. Retrieved payload |
Unwatermarked inference |
6 AIW, AIMs, and JSON Metadata
Table 4 provides the links to the AIW and AIM specifications and to the JSON syntaxes. AIMs/1 indicates that the column contains Composite AIMs and AIMs indicates that the column contains their Basic AIMs.
Table 4 – AIW, AIMs, and JSON Metadata
| AIW | AIM | Name | JSON |
| NNW-WIR | With Inference Robustness | X | |
| NNW-MFM | Modification Module | X | |
| NNW-MDM | Modified Module | X | |
| NNW-WWD | WIR Watermark Decoder | X |
7 Reference Software
7.1 Disclaimers
- This NNW-WIR Reference Software Implementation is released with the BSD-3-Clause licence.
- The purpose of this Reference Software is to demonstrate a working Implementation of NNW-WIR, not to provide a ready-to-use product.
- MPAI disclaims the suitability of the Software for any other purposes and does not guarantee that it is secure.
- Use of this Reference Software may require acceptance of licences from the respective repositories. Users shall verify that they have the right to use any third-party software required by this Reference Software.
7.2 Guide to the NNW-WIR code
Use of this AI Workflow is for developers who are familiar with Python and PyTorch libraries,
The robustness.py code allow a User to evaluate the robustness of a watermarking method on the image classification task:
- The watermarking method is implemented as a Python Class
- The attack is performed using mainAttack.py
The NNW-WIR Reference Software is found at the gitlab site. It contains:
- The python code implementing the AIW.
- The required libraries are: pytorch, tqdm
8 Conformance Testing
9 Performance Assessment
