随着深度神经网络在边缘设备上的广泛部署，模型的轻量化已成为必然趋势。然而，模型压缩、量化及结
构裁剪等操作在提升推理效率的同时，也削弱了模型的安全性与所有权保护能力。传统的模型水印方法在轻量化场
景下易受剪枝与量化影响，存在水印嵌入不稳定、提取准确率低等问题。为此，本文提出一种基于特征冗余的轻量
化神经网络鲁棒水印方法。该方法不仅可用于轻量化模型的版权保护，也为边缘智能模型的可信分发与防篡改提供
了新的技术途径。

轻量化神经网络；模型水印；特征冗余；鲁棒嵌入

[1]Liu, X., Lin, Y., Zhao, J., et al. A Survey on Deep

Neural Network Watermarking: Attacks, Defenses, and

Future Directions[J]. IEEE Communications Surveys &

Tutorials, 2024, 26(1): 164-201.

[2]Fan, L., Wang, L., Liu, J., et al. A survey of

watermarking techniques for deep neural networks[J]. ACM

Computing Surveys, 2023, 55(9): 1-36.

[3]Adi, Y., Baum, C., Cisse, M., et al. Turning your

weakness into a strength: Watermarking deep neural networks

by backdooring[C].27th USENIX Security Symposium, 2018.

[4]Szyller,A.,Kijak,E.,Amsaleg,L. A survey on responsebased and trigger-based neural network watermarking[J].

IEEE Access, 2022, 10: 51229-51244.