Immunization of Pruning Attack in DNN Watermarking Using Constant Weight Code

TL;DR

This paper introduces a novel constant weight code-based encoding method to enhance the robustness of DNN watermarks against pruning attacks, addressing a key security challenge in model protection.

Contribution

It presents the first encoding technique using constant weight codes to resist pruning attacks in DNN watermarking, a novel approach in the field.

Findings

The proposed method effectively mitigates pruning attack effects.

Constant weight codes improve watermark robustness without degrading model performance.

This approach opens new avenues for secure DNN watermarking techniques.

Abstract

To ensure protection of the intellectual property rights of DNN models, watermarking techniques have been investigated to insert side-information into the models without seriously degrading the performance of original task. One of the threats for the DNN watermarking is the pruning attack such that less important neurons in the model are pruned to make it faster and more compact as well as to remove the watermark. In this study, we investigate a channel coding approach to resist the pruning attack. As the channel model is completely different from conventional models like digital images, it has been an open problem what kind of encoding method is suitable for DNN watermarking. A novel encoding approach by using constant weight codes to immunize the effects of pruning attacks is presented. To the best of our knowledge, this is the first study that introduces an encoding technique for DNN watermarking to make it robust against pruning attacks.