Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
144 tokens/sec
GPT-4o
7 tokens/sec
Gemini 2.5 Pro Pro
45 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Reversible Quantization Index Modulation for Static Deep Neural Network Watermarking (2305.17879v2)

Published 29 May 2023 in cs.CR and cs.AI

Abstract: Static deep neural network (DNN) watermarking techniques typically employ irreversible methods to embed watermarks into the DNN model weights. However, this approach causes permanent damage to the watermarked model and fails to meet the requirements of integrity authentication. Reversible data hiding (RDH) methods offer a potential solution, but existing approaches suffer from weaknesses in terms of usability, capacity, and fidelity, hindering their practical adoption. In this paper, we propose a novel RDH-based static DNN watermarking scheme using quantization index modulation (QIM). Our scheme incorporates a novel approach based on a one-dimensional quantizer for watermark embedding. Furthermore, we design two schemes to address the challenges of integrity protection and legitimate authentication for DNNs. Through simulation results on training loss and classification accuracy, we demonstrate the feasibility and effectiveness of our proposed schemes, highlighting their superior adaptability compared to existing methods.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (31)
  1. G. Montavon, W. Samek, and K.-R. Müller, “Methods for interpreting and understanding deep neural networks,” Digital signal processing, vol. 73, pp. 1–15, 2018.
  2. V. Sze, Y.-H. Chen, T.-J. Yang, and J. S. Emer, “Efficient processing of deep neural networks: A tutorial and survey,” Proceedings of the IEEE, vol. 105, no. 12, pp. 2295–2329, 2017.
  3. C. Szegedy, A. Toshev, and D. Erhan, “Deep neural networks for object detection,” Advances in neural information processing systems, vol. 26, 2013.
  4. W. Samek, G. Montavon, S. Lapuschkin, C. J. Anders, and K.-R. Müller, “Explaining deep neural networks and beyond: A review of methods and applications,” Proceedings of the IEEE, vol. 109, no. 3, pp. 247–278, 2021.
  5. A. Radhakrishnan, M. Belkin, and C. Uhler, “Wide and deep neural networks achieve consistency for classification,” Proceedings of the National Academy of Sciences, vol. 120, no. 14, p. e2208779120, 2023.
  6. W. Tang, B. Li, M. Barni, J. Li, and J. Huang, “An automatic cost learning framework for image steganography using deep reinforcement learning,” IEEE Trans. Inf. Forensics Secur., vol. 16, pp. 952–967, 2021.
  7. S. Lou, J. Deng, and S. Lyu, “Chaotic signal denoising based on simplified convolutional denoising auto-encoder,” Chaos, Solitons & Fractals, vol. 161, p. 112333, 2022.
  8. M. Barni, F. Pérez-González, and B. Tondi, “DNN watermarking: Four challenges and a funeral,” in IH&MMSec ’21: ACM Workshop on Information Hiding and Multimedia Security, Virtual Event, Belgium, June, 22-25, 2021, pp. 189–196, 2021.
  9. F. Regazzoni, P. Palmieri, F. Smailbegovic, R. Cammarota, and I. Polian, “Protecting artificial intelligence ips: a survey of watermarking and fingerprinting for machine learning,” CAAI Transactions on Intelligence Technology, vol. 6, no. 2, pp. 180–191, 2021.
  10. Y. Li, H. Wang, and M. Barni, “A survey of deep neural network watermarking techniques,” Neurocomputing, vol. 461, pp. 171–193, 2021.
  11. J. Zhang, Z. Gu, J. Jang, H. Wu, M. P. Stoecklin, H. Huang, and I. Molloy, “Protecting intellectual property of deep neural networks with watermarking,” in Proceedings of the 2018 on Asia Conference on Computer and Communications Security, pp. 159–172, 2018.
  12. Y. Uchida, Y. Nagai, S. Sakazawa, and S. Satoh, “Embedding watermarks into deep neural networks,” in Proceedings of the 2017 ACM on international conference on multimedia retrieval, pp. 269–277, 2017.
  13. M. Kuribayashi, T. Tanaka, S. Suzuki, T. Yasui, and N. Funabiki, “White-box watermarking scheme for fully-connected layers in fine-tuning model,” in Proceedings of the 2021 ACM Workshop on Information Hiding and Multimedia Security, pp. 165–170, 2021.
  14. Y. Li, B. Tondi, and M. Barni, “Spread-transform dither modulation watermarking of deep neural network,” Journal of Information Security and Applications, vol. 63, p. 103004, 2021.
  15. G. Pagnotta, D. Hitaj, B. Hitaj, F. Perez-Cruz, and L. V. Mancini, “Tattooed: A robust deep neural network watermarking scheme based on spread-spectrum channel coding,” arXiv preprint arXiv:2202.06091, 2022.
  16. Y. Li, L. Abady, H. Wang, and M. Barni, “A feature-map-based large-payload DNN watermarking algorithm,” in Digital Forensics and Watermarking - 20th International Workshop, IWDW 2021, Beijing, China, November 20-22, 2021, Revised Selected Papers, pp. 135–148, 2021.
  17. J. Fei, Z. Xia, B. Tondi, and M. Barni, “Supervised GAN watermarking for intellectual property protection,” in IEEE International Workshop on Information Forensics and Security, WIFS 2022, Shanghai, China, December 12-16, 2022, pp. 1–6, 2022.
  18. Y. Shi, X. Li, X. Zhang, H. Wu, and B. Ma, “Reversible data hiding: Advances in the past two decades,” IEEE Access, vol. 4, pp. 3210–3237, 2016.
  19. G. Hua, J. Huang, Y. Q. Shi, J. Goh, and V. L. L. Thing, “Twenty years of digital audio watermarking - a comprehensive review,” Signal Process., vol. 128, pp. 222–242, 2016.
  20. J. Tian, “Reversible data embedding using a difference expansion,” IEEE Trans. Circuits Syst. Video Technol., vol. 13, no. 8, pp. 890–896, 2003.
  21. D. M. Thodi and J. J. Rodríguez, “Prediction-error based reversible watermarking,” in Proceedings of the 2004 International Conference on Image Processing, ICIP 2004, Singapore, October 24-27, 2004, pp. 1549–1552, 2004.
  22. X. Wu and W. Sun, “High-capacity reversible data hiding in encrypted images by prediction error,” Signal Process., vol. 104, pp. 387–400, 2014.
  23. Z. Ni, Y. Shi, N. Ansari, and W. Su, “Reversible data hiding,” IEEE Trans. Circuits Syst. Video Technol., vol. 16, no. 3, pp. 354–362, 2006.
  24. X. Guan, H. Feng, W. Zhang, H. Zhou, J. Zhang, and N. Yu, “Reversible watermarking in deep convolutional neural networks for integrity authentication,” in Proceedings of the 28th ACM International Conference on Multimedia, oct 2020.
  25. B. Chen and G. W. Wornell, “Quantization index modulation: A class of provably good methods for digital watermarking and information embedding,” IEEE Trans. Inf. Theory, vol. 47, no. 4, pp. 1423–1443, 2001.
  26. P. Moulin and R. Koetter, “Data-hiding codes,” Proc. IEEE, vol. 93, no. 12, pp. 2083–2126, 2005.
  27. S. Lyu, “Optimized dithering for quantization index modulation,” in ICASSP 2023-2023 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), pp. 1–5, 2023.
  28. B. Feng, W. Lu, W. Sun, J. Huang, and Y.-Q. Shi, “Robust image watermarking based on tucker decomposition and adaptive-lattice quantization index modulation,” Signal Processing: Image Communication, vol. 41, pp. 1–14, 2016.
  29. J. Qin, S. Lyu, J. Deng, X. Liang, S. Xiang, and H. Chen, “A lattice-based embedding method for reversible audio watermarking,” arXiv preprint arXiv:2209.07066, 2022.
  30. Y. LeCun and C. Cortes. ”mnist handwritten digit database”. [Online]. Available: http://yann.lecun.com/exdb/mnist/
  31. A. Krizhevsky, G. Hinton et al., “Learning multiple layers of features from tiny images,” Master’s thesis, University of Tront, 2009.

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now