Fused Pruning based Robust Deep Neural Network Watermark Embedding

Published: 01 Jan 2022, Last Modified: 13 Nov 2023, ICPR 2022, Readers: Everyone
Abstract: Deep Neural Network (DNN) models are usually trained with tremendous data and computation resources. DNN models are therefore now regarded as important assets, yet they face a great risk of being stolen and illegally distributed. In recent years, watermarking has been introduced to protect the ownership of DNN models. The watermark can be extracted in a relatively simple way to declare ownership of the model. However, watermarks are vulnerable to attack. In this work, we propose a pruning-based watermark defense method for DNN models. Inspired by pruning methods, we design a fused channel-wise pruning strategy that selects important filters for watermark embedding. Specifically, we introduce a novel method to enhance watermark robustness by selecting important filters as the watermark carrier based on multiple pruning methods, including network slimming, efficient filter and entropy. We conduct experiments on the VGG-19 model with the CIFAR-10 dataset. The experimental results show that this method is robust against fine-tuning, pruning and overwriting attacks. In addition, our method does not significantly change the distribution of model weights, so the watermark is hard to detect.