DNN self-embedding watermarking: Towards tampering detection and parameter recovery for deep neural network

In recent years, a large number of deep neural networks (DNN) models have been built and deployed, which need to be protected against malicious tampering by the adversary. This work is the first to pro-pose a recoverable, self-embedding fragile watermarking scheme for DNN models to protect the model integrity. This scheme can not only identify and locate the tampered parameter blocks in the model, but can also recover the damaged parameters accurately. Detailedly, through exploiting the characteristics of the to-be-protected DNN model, the authentication data and recovery data are generated, and then the reference sharing mechanism is used to embed these data into the model without affecting its original functionality, which can realize the model parameter recovery under different tampering rates. Experi-mental results demonstrate that, the proposed scheme can achieve satisfactory performance of tamper-ing detection and parameter recovery with low device requirements and can be effectively adaptable to a variety of existing DNNs.(c) 2022 Elsevier B.V. All rights reserved.

Automated summary

This study proposes a novel protection scheme for deep neural network (DNN) models, which utilizes a self-embedding fragile watermark to ensure model integrity and parameter recovery. The experimental results demonstrate that the proposed scheme achieves satisfactory tampering detection and parameter recovery with low device requirements, and it can be effectively applied to various existing DNN models.