Watermark Removal Scheme Based on Neural Network Model Pruning

In recent years, due to the rapid development of information technology, machine learning is widely used in various fields. Training deep neural network models is a very expensive process, which requires a lot of training data and hardware resources. Therefore, DNN models can be considered the intellectual property rights of model owners and need to be protected. More and more watermarking algorithms have been studied to embed into neural network models to protect the ownership of the models. At the same time, to test the robustness of the watermark, watermarking attack algorithms have emerged. In this paper, we firstly find the unexpected sensitivity of watermarked models, that is, they are more susceptible to adversarial disturbances than unwatermarked models, and then propose a model repair method based on neural network model pruning. By pruning some sensitive neurons to remove the watermark, the success rate of the watermark can be reduced to a certain extent, and on this basis, it verifies that it can effectively avoid model ownership detection.