Extending Null Embedding for Deep Neural Network (DNN) Watermarking

None, None; None, None; None, None

Extending Null Embedding for Deep Neural Network (DNN) Watermarking

Conference Paper (2025)

Author(s)

Kaan Altınay (Student TU Delft)

Devri İş Ler (IMDEA Networks Institute, Carlos III University of Madrid)

Zekeriya Erkin (TU Delft - Electrical Engineering, Mathematics and Computer Science)

Faculty

Electrical Engineering, Mathematics and Computer Science

Ownership Watermarking DNN Watermarking

DOI related publication

https://doi.org/10.5220/0013641200003979 Final published version

To reference this document use

https://resolver.tudelft.nl/uuid:68ee659d-4e9f-4ac8-b79a-b4c3b6951d6d

More Info

expand_more

Publication Year

2025

Language

English

Faculty

Electrical Engineering, Mathematics and Computer Science

Pages (from-to)

771-776

Publisher

Science and Technology Publications, Lda

ISBN (print)

9789897587603

Event

22nd International Conference on Security and Cryptography, SECRYPT 2025 (2025-06-11 - 2025-06-13), Bilbao, Spain

Downloads counter

120

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Abstract

The rise of Machine Learning (ML) has opened new business opportunities, particularly through Machine Learning as a Service (MLaaS), where costly models like Deep Neural Networks (DNNs) can be outsourced. However, this also raises concerns about model piracy. To protect against unauthorized use, watermarking techniques have been developed. One such method, null embedding by Li et al., disables the model if pirated but reduces classification accuracy. This paper proposes modifications to the null-embedding technique that reduce this impact and keep the classification accuracy close to that of a non-watermarked model.

Files

136412.pdf

(pdf | 0.334 Mb)