Abstract

Model watermarking is a method for embedding watermark information into a neural network model. It proves the ownership of the model without affecting its performance. Since there are plenty of pruning-based attacks on model watermarks, it has become more important to design anti-pruning model watermarking algorithms. In this paper, multiple watermark embedding is performed to protect the model copyright for the image steganography auto-encoder model “Hiding Data with Deep Networks” (HiDDeN). Firstly, the appropriate model weights are selected by employing three classical model weight pruning algorithms. Secondly, the model watermark is spread by using a Discrete Cosine Transform (DCT)-based image watermarking algorithm, which improves the noise and pruning resistance of the model watermark. Finally, the model watermark is embedded into the 4th and 5th decimal places of the selected model weights. The experimental results demonstrate that the proposed algorithm has good robustness against model pruning without affecting the watermark extraction performance of the auto-encoder network model. Even with the embedded model watermark, the decoder's watermark extraction accuracy is still higher than 0.9993, and the autoencoder is still valuable when the model weights are pruned by 40%. Furthermore, the proposed algorithm achieves a certain degree of improvement in watermarking capacity.
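
The final embedding step described above, as an added sketch that is not the paper's code: it writes payload digits into the 4th and 5th decimal places of selected weights and reads them back after pruning. Assumptions: selection uses only global magnitude pruning (the abstract does not name the three algorithms), the DCT spreading step is omitted, and the byte-to-digit coding, the stored index list and all function names are hypothetical.

```python
import math
import random

SCALE = 10**5  # one unit = the 5th decimal place

def to_symbols(data):
    # Assumed payload coding: each byte becomes two symbols in 0..99,
    # the range two decimal digits can hold.
    return [s for b in data for s in divmod(b, 100)]

def from_symbols(symbols):
    # % 256 keeps damaged symbols decodable instead of raising.
    pairs = zip(symbols[0::2], symbols[1::2])
    return bytes((hi * 100 + lo) % 256 for hi, lo in pairs)

def select_indices(weights, count):
    # Assumed selection rule: the largest-magnitude weights, which
    # global magnitude pruning removes last.
    order = sorted(range(len(weights)), key=lambda i: -abs(weights[i]))
    return sorted(order[:count])

def embed(weights, data):
    symbols = to_symbols(data)
    key = select_indices(weights, len(symbols))  # kept by the owner (assumed)
    marked = list(weights)
    for i, sym in zip(key, symbols):
        units = int(abs(weights[i]) * SCALE)  # drop digits past the 5th place
        units = units - units % 100 + sym     # overwrite 4th and 5th places
        marked[i] = math.copysign(units / SCALE, weights[i])
    return marked, key

def extract(weights, key):
    return from_symbols([round(abs(weights[i]) * SCALE) % 100 for i in key])

def magnitude_prune(weights, fraction):
    # Zero the smallest `fraction` of weights by absolute value.
    cutoff = sorted(abs(w) for w in weights)[int(len(weights) * fraction)]
    return [0.0 if abs(w) < cutoff else w for w in weights]

if __name__ == "__main__":
    rng = random.Random(7)                       # constructed stand-in weights
    w = [rng.gauss(0.0, 0.1) for _ in range(2000)]
    payload = b"owner-id-0001"                   # constructed payload
    marked, key = embed(w, payload)
    print(extract(magnitude_prune(marked, 0.40), key) == payload)
    print(max(abs(a - b) for a, b in zip(w, marked)))
```

Each marked weight moves by less than 0.001, and the payload is lost once pruning reaches the selected weights themselves, which is why the choice of embedding positions matters.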
