Deep neural network watermarking based on a reversible image hiding network

Bibliographic Details
Published in: Pattern analysis and applications : PAA Vol. 26; no. 3; pp. 861 - 874
Main Authors: Wang, Linna; Song, Yunfei; Xia, Daoxun
Format: Journal Article
Language: English
Published: London Springer London 01.08.2023
Springer Nature B.V
Summary: Recently, many researchers have proposed deep neural network (DNN) watermarking technologies. DNN watermarking approaches can be divided into two categories: static watermarking and dynamic watermarking methods. A static watermark is embedded into the internal parameters of a DNN model, but a dynamic watermark relies on the specific training data of the DNN model and uses the associated neuron activation map or the output result by the DNN model to extract the watermark information. Dynamic watermarks mostly use DNN application programming interfaces (APIs) to remotely access DNN models and extract their watermarks to prove their copyright, so dynamic watermarking technology is more popular. According to the distribution inconsistency between a dynamic watermark and training data, an attacker can detect the dynamic watermark, so that the model owner cannot obtain the desired prediction results and then verify the copyright of the suspect model. To this end, we propose a dynamic watermarking approach based on a reversible image hiding network, which improved the undetectability of a DNN watermark, and it can perfectly reconstruct the secret image as the copyright logo of a DNN model. We perform our work on the MNIST, Fashion-MNIST, CIFAR-10, CIFAR-100, and Caltech-101 datasets. The experimental results show that our method has higher DNN watermarking accuracy and higher undetectability with no significant side effects on the main functions of the host DNN model.
ISSN: 1433-7541, 1433-755X
DOI: 10.1007/s10044-023-01140-4