Static deep neural network (DNN) watermarking techniques typically employ irreversible methods to embed watermarks into the DNN model weights. However, this approach causes permanent damage to the watermarked model and fails to meet the requirements of integrity authentication. Reversible data hiding (RDH) methods offer a potential solution, but existing approaches suffer from weaknesses in terms of usability, capacity, and fidelity, hindering their practical adoption. In this paper, we propose a novel RDH-based static DNN watermarking scheme using quantization index modulation (QIM). Our scheme incorporates a novel approach based on a one-dimensional quantizer for watermark embedding. Furthermore, we design two schemes to address the challenges of integrity protection and legitimate authentication for DNNs. Through simulation results on training loss and classification accuracy, we demonstrate the feasibility and effectiveness of our proposed schemes, highlighting their superior adaptability compared to existing methods.