Static deep neural network (DNN) watermarking embeds watermarks into the weights of DNN model by irreversible methods, but this will cause permanent damage to watermarked model and can not meet the requirements of integrity authentication. For these reasons, reversible data hiding (RDH) seems more attractive for the copyright protection of DNNs. This paper proposes a novel RDH-based static DNN watermarking method by improving the non-reversible quantization index modulation (QIM). Targeting the floating-point weights of DNNs, the idea of our RDH method is to add a scaled quantization error back to the cover object. Two schemes are designed to realize the integrity protection and legitimate authentication of DNNs. Simulation results on training loss and classification accuracy justify the superior feasibility, effectiveness and adaptability of the proposed method over histogram shifting (HS).

翻译：静态深度神经网络（DNN）水印通过不可逆方法将水印嵌入DNN模型权重中，但这会对已水印模型造成永久性损伤，且无法满足完整性认证需求。为此，可逆数据隐藏（RDH）技术在DNN版权保护中展现出更大潜力。本文通过改进不可逆量化索引调制（QIM）方法，提出一种基于RDH的新型静态DNN水印技术。针对DNN的浮点权重，本方法的核心理念是将缩放后的量化误差重新添加至载体对象。通过设计两种方案分别实现DNN的完整性保护与合法身份认证。训练损失与分类精度的仿真结果表明，相较于直方图平移（HS）方法，所提方法在可行性、有效性及适应性方面均具有显著优势。