| Paper ID | B-2-2.1 |
| Paper Title |
DeepWatermark: Embedding Watermark into DNN Model |
| Authors |
Minoru Kuribayashi, Takuro Tanaka, Nobuo Funabiki, Okayama University, Japan |
| Session |
B-2-2: Data hiding in multimedia content and unconventional domain |
| Time | Wednesday, 09 December, 15:30 - 17:00 |
| Presentation Time: | Wednesday, 09 December, 15:30 - 15:45 Check your Time Zone |
|
All times are in New Zealand Time (UTC +13) |
| Topic |
Multimedia Security and Forensics (MSF): Special Session: Data hiding in multimedia content and unconventional domain |
| Abstract |
For the protection of trained deep neural network(DNN) model, it has been studied to embed a watermark into the weights of DNN. However, the amount of changes in the weights is large in the conventional methods. In addition, it is reported that the presence of hidden watermark can be detected from the analysis of weight variance, and that the watermark can be modified by effectively adding noise to the weight. In this paper, we focus on the fully-connected layers and apply a quantization-based watermarking method to the weights sampled from the layers. The advantage of the proposed method is that the changes caused by embedding watermark is much smaller and measurable. This is effective against the problems of previous works. The validity of the proposed method is quantitatively evaluated by changing the conditions during the training of DNN model. The results include the impact of training for DNN model, effective embedding method, and high robustness. |