To ensure protection of the intellectual property rights of DNN models,
watermarking techniques have been investigated to insert side-information into
the models without seriously degrading the performance of original task. One of
the threats for the DNN watermarking is the pruning attack such that less
important neurons in the model are pruned to make it faster and more compact as
well as to remove the watermark. In this study, we investigate a channel coding
approach to resist the pruning attack. As the channel model is completely
different from conventional models like digital images, it has been an open
problem what kind of encoding method is suitable for DNN watermarking. A novel
encoding approach by using constant weight codes to immunize the effects of
pruning attacks is presented. To the best of our knowledge, this is the first
study that introduces an encoding technique for DNN watermarking to make it
robust against pruning attacks.

Go to Source of this post
Author Of this post: <a href="http://arxiv.org/find/cs/1/au:+Kuribayashi_M/0/1/0/all/0/1">Minoru Kuribayashi</a>, <a href="http://arxiv.org/find/cs/1/au:+Yasui_T/0/1/0/all/0/1">Tatsuya Yasui</a>, <a href="http://arxiv.org/find/cs/1/au:+Malik_A/0/1/0/all/0/1">Asad Malik</a>, <a href="http://arxiv.org/find/cs/1/au:+Funabiki_N/0/1/0/all/0/1">Nobuo Funabiki</a>

By admin