Neural Network Watermarking With Hierarchical Recoverability

Published: 2025, Last Modified: 07 Jan 2026. IEEE Trans. Dependable Secur. Comput. 2025. License: CC BY-SA 4.0
Abstract: In recent years, neural network models have been widely used in many tasks. However, tampering operations by malicious attackers, e.g., backdoor attacks and malicious parameter tampering, can easily degrade model performance or cause a malfunction. To protect the integrity of neural network models, in this paper we propose a neural network watermarking scheme with hierarchical recoverability (NNWHR), which can not only identify and locate the tampered parameters, but also recover them in a hierarchical way. Specifically, the parameters of the to-be-protected network layers are first sorted according to their importance, which is calculated through a specifically designed strategy for parameter evaluation. Then, the reference sharing mechanism is used to generate more recovery bits and provide greater perfect recovery probabilities for the parameters with higher importance; it can also deal with larger tampering rates through bit interleaving. Finally, the recovery bits and the authentication bits of the model parameters are combined as watermark bits and, after scrambling, embedded into the model's redundant space. Experimental results show that our scheme can locate tampered model parameters and recover the corresponding model performance with satisfactory accuracy, and can also be applied to eliminate backdoor attacks. In addition, our scheme exhibits satisfactory generalizability, which makes it applicable to various types of neural networks.