Name
Abstract | ||
|---|---|---|
ABSTRACTFor the protection of trained deep neural network(DNN) models, embedding watermarks into the weights of the DNN model have been considered. However, the amount of change in the weights is large in the conventional methods, and it is reported that the existence of hidden watermark can be detected from the analysis of weight variance. This helps attackers to modify the watermark by effectively adding noise to the weight. In this paper, we focus on the fully-connected layers of fine-tuning models and apply a quantization-based watermarking method to the weights sampled from the layers. The advantage of the proposed method is that the change caused by watermark embedding is much smaller and the distortion converges gradually without using any loss function. The validity of the proposed method was evaluated by varying the conditions during the training of DNN model. The results shows the impact of training for DNN model, effectiveness of the embedding method, and high robustness against pruning attacks. |
Year | DOI | Venue |
|---|---|---|
2021 | 10.1145/3437880.3460402 | Information Hiding and Multimedia Security |
DocType | Citations | PageRank |
Conference | 0 | 0.34 |
References | Authors | |
0 | 5 | |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Minoru Kuribayashi | 1 | 0 | 1.35 |
| Takuro Tanaka | 2 | 0 | 0.34 |
| Shunta Suzuki | 3 | 0 | 0.34 |
| Tatsuya Yasui | 4 | 0 | 1.35 |
| N Funabiki | 5 | 61 | 6.76 |