Extending Null Embedding for Deep Neural Network (DNN) Watermarking
Improving the accuracy of the original classification task in piracy-resistant DNN watermarking
Abstract
The advancement of Machine Learning (ML) in the last decade has created new business prospects for developers working on ML models. Models that are expensive and time-consuming to design and train can now be outsourced to others to reduce costs, using Machine Learning as a Service (MLaaS). Deep Neural Networks (DNNs) are particularly expensive to train, so many who need a DNN use the services of an MLaaS provider. This creates the possibility of piracy of this valuable asset, and the need to prevent piracy to assure a fair market. To address this need, research has been conducted on protecting DNNs using various watermarking techniques. A work by Li et al. proposed null-embedding, a technique that renders the DNN useless if it is subject to a piracy attack. Despite being effective, this method was shown to reduce classification performance when embedding a watermark into the model. This paper suggests modifications to the null-embedding technique that reduce this impact and keep the classification accuracy close to that of a non-watermarked model.