Active Authorization Control of Deep Models Using Channel Pruning

Abstract

In recent work, researchers have proposed deep neural network(DNN) model active authorization control protection strategies. Because active authorization strategies can prevent attackers from stealing models in advance, they have become a focus of DNN model copyright protection research. At present, most active authorization methods significantly reduce the accuracy by encrypting the parameters of a DNN model or modifying the structure of a DNN model, to prevent malicious infringers from using the model. The active authorization method of modifying the structure of a DNN model impacts the original task accuracy of the DNN model. Moreover, in active authorization methods that encrypt DNN model parameters, authorized users need to perform many calculations to decrypt the DNN model parameters. Therefore, this paper uses a channel pruning algorithm to control the authorization of the DNN model. In this work, the pruning rate or threshold is used as the secret key of the DNN model, the secret key is used to prune and fine-tune the original DNN model before the DNN model is distributed to authorized users, and the fine-tuned DNN model can restore performance similar to that of the original DNN model. Due to the advantages of the pruning mechanism, the DNN model retains the performance of the original task during the active authorization process, and reducing the number of calculations. We perform our work with the CIFAR-10 and CIFAR-100 datasets, and the experimental results show that we only need to prune a small number of channels in the DNN model to determine whether a user is authorized.