Abstract
With the great achievements of deep learning technology, neural network models have emerged as a new type of intellectual property. Neural network models’ design and training require considerable computational resources and time. Watermarking is a potential solution for achieving copyright protection and integrity of neural network models without excessively compromising the models’ accuracy and stability. In this work, we develop a multipurpose watermarking method for securing the copyright and integrity of a steganographic autoencoder referred to as “HiDDen.” This autoencoder model is used to hide different kinds of watermark messages in digital images. Copyright information is embedded with imperceptibly modified model parameters, and integrity is verified by embedding the Hash value generated from the model parameters. Experimental results show that the proposed multipurpose watermarking method can reliably identify copyright ownership and localize tampered parts of the model parameters. Furthermore, the accuracy and robustness of the autoencoder model are perfectly preserved.
Highlights
Uchida et al [14] and Nagai et al [19] proposed a generic watermark embedding framework based on deep neural networks (DNNs) using a parametric regularizer; they could embed watermarks in the training phase of the model
The DNN model of information hiding is radically different from other models in that if the DNN model is tampered, it means that the model parameters are modified, reducing the accuracy of the image watermark detected by the model
A certain region is divided into the other convolutional layers while selecting the fully connected layer in the DNN model to embed the model watermark W2 to calculate the Hash value, which can initialize the model watermark W3. e model watermark W3 will be embedded in the redundancy parameters of the fully connected layer, which corresponds to the redundancy information of the image watermark W1. e model watermark W3 is extracted first to prove the integrity of the DNN model and locate the tampering location. e image watermark W1 and the comparative model watermark W2 can be extracted and compared to determine the accuracy of the image watermark information. us, the copyright information of the image and model can be obtained
Summary
Is approach generates visually indistinguishable watermarked images using an encoder given the input information and cover image. E HiDDen model comprises the following four main components: an encoder Eθ, a decoder Dφ, a parameter-less noise layer N, and an adversarial discriminator Ac. First, the watermark information Wi1n and the cover image Ico (size C × H × W1) are fed into the encoder Eθ. E encoder Eθ applies convolutions to the cover image to form a few intermediate representations and embeds the watermark information of length L in the encoder. After multiple convolutional layers process, the encoded image Ien is produced. The noise layer N adds noise to the encoded image Ien to produce a noisy encoded image Ie′n. Is decoder Dφ applies some convolutional layers to generate L feature channels in these intermediate representations.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
