Deep Learning Model Protection using Negative Correlation-based Watermarking with Best Embedding Regions

Deep learning has been used in several fields, such as image classification and data analysis. Training a high-performance model is expensive; thus, its property value is high. Watermarking is a representative technology that provides intellectual property protection for models. In this study, we proposed white-box watermarking using a modified Barni’s method (our previous study) for image watermarking. Our method is applicable to pre-trained models because the watermark is embedded in the parameters of the network without training. The proposed method embeds multiple watermarking into neural networks using different keys. We evaluated the method using ResNet-50 trained on CIFAR-10 datasets and confirmed that our watermarking method has high fidelity and robustness against model compression and retraining. The experimental results reveal that our proposed approach can embed up to 10 watermarks with less than 0.1% loss of accuracy. They also indicate the method can completely detect watermarks even after 90% of the parameters are pruned and then transfer learned with CIFAR-100.