To ensure protection of the intellectual property rights of DNN models, watermarking techniques have been investigated to insert side-information into the models without seriously degrading the performance of original task. One of the threats for the DNN watermarking is the pruning attack such that less important neurons in the model are pruned to make it faster and more compact as well as to remove the watermark. In this study, we investigate a channel coding approach to resist the pruning attack. As the channel model is completely different from conventional models like digital images, it has been an open problem what kind of encoding method is suitable for DNN watermarking. A novel encoding approach by using constant weight codes to immunize the effects of pruning attacks is presented. To the best of our knowledge, this is the first study that introduces an encoding technique for DNN watermarking to make it robust against pruning attacks.

翻译：为了确保DNN模型的知识产权得到保护,已经调查了水标记技术,以便在不严重降低原任务绩效的情况下将侧面信息插入模型,DNN水标记的威胁之一是,对DNN水标记的威胁之一是,对模型中较不重要的神经元进行修剪,使其更快、更紧凑,并去除水标记。在本研究中,我们调查了一种频道编码方法,以抵御压倒性攻击。由于频道模型与像数字图像这样的传统模型完全不同,因此对于DNN水标记来说哪种编码方法是合适的,这是一个公开的问题。我们介绍了一种新编码方法,即使用恒定重量编码来为划线攻击的效果进行免疫。据我们所知,这是为DNNW水标记引入编码技术,使之能抵御划线攻击的首项研究。