查看文章

Deep Neural Network (DNN) models are usually trained with tremendous data and computation resources. Thus, DNN models are now regarded as important assets, however facing a great risk of being stolen and illegal distribution. In recent years, watermark is introduced to protect the ownership of DNN models. The watermark can be extracted in a relatively simple way to declare the ownership of the model. However, watermark is vulnerable to be attacked. In this work, we propose a watermark defense method for DNN model based on pruning. Inspired by the pruning methods, we design a fused channel-wise pruning strategy which selects important filters for watermarks embedding. Specifically, we introduce a novel method to enhance the watermark robustness by selecting important filters as the watermark carrier based on multiple pruning methods, including network slimming, efficient filter and entropy. We …