Patent attributes
The invention discloses a DNN watermarking method that embeds part of the digital watermark in selected redundant elements of a deep neural network (DNN) model without compromising the performance of the DNN. The proposed method aims for a robust watermarking scheme by embedding a large watermark that can span the whole DNN model, so that if an adversary attempts to destroy the watermark, the whole DNN model will be destroyed. However, maximizing the hiding capacity can degrade the performance of the DNN model. In this work, this capacity-performance trade-off is solved using the Discrete Cosine Transform (DCT). Moreover, the DCT works more efficiently on highly correlated data. Therefore, this work suggests segmenting the weights of the DNN model into correlated segments to fully exploit the advantages of the DCT.
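The sketch below is an added example, not the patent's own algorithm: it shows one way segment-wise DCT embedding and extraction can work on a flat weight list. The sort-based segmentation, the quantization-index-modulation (QIM) rule, the choice of high-frequency coefficients, and all names and constants are assumptions made for illustration.

```python
import math
import random

SEG, PER_SEG, DELTA = 16, 4, 1e-3  # assumed: segment length, bits per segment, QIM step

def _scale(k, n):
    return math.sqrt((1 if k == 0 else 2) / n)

def dct(x):
    """Orthonormal DCT-II of one segment."""
    n = len(x)
    return [_scale(k, n) * sum(x[i] * math.cos(math.pi * (i + 0.5) * k / n)
                               for i in range(n)) for k in range(n)]

def idct(c):
    """Inverse of dct() (orthonormal DCT-III)."""
    n = len(c)
    return [sum(_scale(k, n) * c[k] * math.cos(math.pi * (i + 0.5) * k / n)
                for k in range(n)) for i in range(n)]

def embed(weights, bits):
    # Assumed segmentation: sort by value so each segment is smooth (highly
    # correlated); the owner keeps `order` as the key needed for extraction.
    order = sorted(range(len(weights)), key=weights.__getitem__)
    marked = list(weights)
    for s in range(len(bits) // PER_SEG):
        idx = order[s * SEG:(s + 1) * SEG]
        c = dct([weights[i] for i in idx])
        for j in range(PER_SEG):
            b, k = bits[s * PER_SEG + j], SEG - 1 - j  # highest frequencies first
            c[k] = round((c[k] - b * DELTA / 2) / DELTA) * DELTA + b * DELTA / 2
        for i, w in zip(idx, idct(c)):
            marked[i] = w
    return marked, order

def extract(weights, order, n_bits):
    bits = []
    for s in range(n_bits // PER_SEG):
        c = dct([weights[i] for i in order[s * SEG:(s + 1) * SEG]])
        bits += [round(c[SEG - 1 - j] / (DELTA / 2)) % 2 for j in range(PER_SEG)]
    return bits

def demo(seed=7):
    rng = random.Random(seed)
    weights = [rng.gauss(0, 0.05) for _ in range(256)]  # constructed stand-in for a layer
    bits = [rng.randint(0, 1) for _ in range(64)]       # constructed mark, 4 bits x 16 segments
    marked, order = embed(weights, bits)
    shift = max(abs(a - b) for a, b in zip(weights, marked))
    return bits, extract(marked, order, len(bits)), shift
```

Because the transform is orthonormal and each QIM step moves a coefficient by at most `DELTA / 2`, no weight changes by more than `sqrt(PER_SEG) * DELTA / 2`, which makes the capacity-performance trade-off explicit: more bits per segment or a larger step means a larger worst-case weight perturbation.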