White-Box Watermarking Scheme for Fully-Connected Layers in Fine-Tuning Model

Minoru Kuribayashi, Takuro Tanaka, Shunta Suzuki, Tatsuya Yasui, Nobuo Funabiki

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

For the protection of trained deep neural network(DNN) models, embedding watermarks into the weights of the DNN model have been considered. However, the amount of change in the weights is large in the conventional methods, and it is reported that the existence of hidden watermark can be detected from the analysis of weight variance. This helps attackers to modify the watermark by effectively adding noise to the weight. In this paper, we focus on the fully-connected layers of fine-tuning models and apply a quantization-based watermarking method to the weights sampled from the layers. The advantage of the proposed method is that the change caused by watermark embedding is much smaller and the distortion converges gradually without using any loss function. The validity of the proposed method was evaluated by varying the conditions during the training of DNN model. The results shows the impact of training for DNN model, effectiveness of the embedding method, and high robustness against pruning attacks.

Original languageEnglish
Title of host publicationIH and MMSec 2021 - Proceedings of the 2021 ACM Workshop on Information Hiding and Multimedia Security
PublisherAssociation for Computing Machinery, Inc
Pages165-170
Number of pages6
ISBN (Electronic)9781450382953
DOIs
Publication statusPublished - Jun 17 2021
Event2021 ACM Workshop on Information Hiding and Multimedia Security, IH and MMSec 2021 - Virtual, Online, Belgium
Duration: Jun 22 2021Jun 25 2021

Publication series

NameIH and MMSec 2021 - Proceedings of the 2021 ACM Workshop on Information Hiding and Multimedia Security

Conference

Conference2021 ACM Workshop on Information Hiding and Multimedia Security, IH and MMSec 2021
Country/TerritoryBelgium
CityVirtual, Online
Period6/22/216/25/21

Keywords

  • convergence
  • fine-tuning
  • local minima
  • QIM
  • watermark

ASJC Scopus subject areas

  • Computer Graphics and Computer-Aided Design
  • Human-Computer Interaction
  • Software

Fingerprint

Dive into the research topics of 'White-Box Watermarking Scheme for Fully-Connected Layers in Fine-Tuning Model'. Together they form a unique fingerprint.

Cite this