Coded DNN Watermark: Robustness against Pruning Models Using Constant Weight Code

Tatsuya Yasui, Takuro Tanaka, Asad Malik, Minoru Kuribayashi

Research output: Contribution to journal › Article › peer-review

Abstract

Deep Neural Network (DNN) watermarking techniques are increasingly being used to protect the intellectual property of DNN models. DNN watermarking inserts side information into the DNN model without significantly degrading its performance on the original task. A pruning attack is a threat to DNN watermarking: the less important neurons in the model are pruned to make it faster and more compact, and as a result the watermark can be removed from the DNN model. This study investigates a channel coding approach to protect DNN watermarking against pruning attacks. The channel model differs completely from conventional models involving digital images, and determining suitable encoding methods for DNN watermarking remains an open problem. Herein, we present a novel encoding approach using constant weight codes to protect DNN watermarking against pruning attacks. The experimental results confirmed that the robustness against pruning attacks could be controlled by carefully setting two thresholds for binary symbols in the codeword.

Original language: English
Article number: 152
Journal: Journal of Imaging
Volume: 8
Issue number: 6
Publication status: Published - Jun 2022

Keywords

  • constant weight code
  • DNN model
  • fine-tuning
  • pruning attack
  • watermarking

ASJC Scopus subject areas

  • Radiology, Nuclear Medicine and Imaging
  • Computer Vision and Pattern Recognition
  • Computer Graphics and Computer-Aided Design
  • Electrical and Electronic Engineering
