Adaptive watermarking with self-mutual check parameters in deep neural networks
Pattern Recognition Letters (IF 5.1), Pub Date: 2024-02-24, DOI: 10.1016/j.patrec.2024.02.018
Zhenzhe Gao, Zhaoxia Yin, Hongjian Zhan, Heng Yin, Yue Lu

Artificial Intelligence has found wide application, but also poses risks due to unintentional or malicious tampering during deployment. Regular checks are therefore necessary to detect and prevent such risks. Fragile watermarking is a technique used to identify tampering in AI models. However, previous methods have faced challenges including risks of omission, additional information transmission, and inability to locate tampering precisely. In this paper, we propose a method for detecting tampered parameters and bits, which can be used to detect, locate, and restore parameters that have been tampered with. We also propose an adaptive embedding method that maximizes information capacity while maintaining model accuracy. Our approach was tested on multiple neural networks subjected to attacks that modified weight parameters, and our results demonstrate that our method achieved great recovery performance when the modification rate was below 20%. Furthermore, for models where watermarking significantly affected accuracy, we utilized an adaptive bit technique to recover more than 15% of the accuracy loss of the model.

Updated: 2024-02-24