Immunization of Pruning Attack in DNN Watermarking Using Constant Weight Code
This addresses the protection of intellectual property rights for DNN model owners against pruning attacks, representing an incremental advancement in watermarking techniques.
The paper tackles the problem of pruning attacks in DNN watermarking, which threaten intellectual property protection by removing watermarks, and presents a novel encoding approach using constant weight codes to immunize against these attacks, achieving robustness as the first study of its kind.
To ensure protection of the intellectual property rights of DNN models, watermarking techniques have been investigated to insert side-information into the models without seriously degrading the performance of original task. One of the threats for the DNN watermarking is the pruning attack such that less important neurons in the model are pruned to make it faster and more compact as well as to remove the watermark. In this study, we investigate a channel coding approach to resist the pruning attack. As the channel model is completely different from conventional models like digital images, it has been an open problem what kind of encoding method is suitable for DNN watermarking. A novel encoding approach by using constant weight codes to immunize the effects of pruning attacks is presented. To the best of our knowledge, this is the first study that introduces an encoding technique for DNN watermarking to make it robust against pruning attacks.