A Systematic Review on Model Watermarking for Neural Networks
- URL: http://arxiv.org/abs/2009.12153v2
- Date: Wed, 8 Dec 2021 11:15:00 GMT
- Title: A Systematic Review on Model Watermarking for Neural Networks
- Authors: Franziska Boenisch
- Abstract summary: This work presents a taxonomy identifying and analyzing different classes of watermarking schemes for machine learning models.
It introduces a unified threat model to allow structured reasoning on and comparison of the effectiveness of watermarking methods.
It systematizes desired security requirements and attacks against ML model watermarking.
- Score: 1.2691047660244335
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Machine learning (ML) models are applied in an increasing variety of domains.
The availability of large amounts of data and computational resources
encourages the development of ever more complex and valuable models. These
models are considered intellectual property of the legitimate parties who have
trained them, which makes their protection against stealing, illegitimate
redistribution, and unauthorized application an urgent need. Digital
watermarking presents a strong mechanism for marking model ownership and,
thereby, offers protection against those threats. This work presents a taxonomy
identifying and analyzing different classes of watermarking schemes for ML
models. It introduces a unified threat model to allow structured reasoning on
and comparison of the effectiveness of watermarking methods in different
scenarios. Furthermore, it systematizes desired security requirements and
attacks against ML model watermarking. Based on that framework, representative
literature from the field is surveyed to illustrate the taxonomy. Finally,
shortcomings and general limitations of existing approaches are discussed, and
an outlook on future research directions is given.
Related papers
- Watermarking Decision Tree Ensembles [3.5621555706183896] (arXiv, 2024-10-06T17:56:13Z)
  We present the first watermarking scheme for decision tree ensembles, focusing in particular on random forest models.
  We show excellent results in terms of accuracy and security against the most relevant threats.
- On the Weaknesses of Backdoor-based Model Watermarking: An Information-theoretic Perspective [39.676548104635096] (arXiv, 2024-09-10T00:55:21Z)
  Safeguarding the intellectual property of machine learning models has emerged as a pressing concern in AI security.
  Model watermarking is a powerful technique for protecting ownership of machine learning models.
  We propose a novel model watermarking scheme, In-distribution Watermark Embedding (IWE), to overcome the limitations of existing methods.
- Watermarking Recommender Systems [52.207721219147814] (arXiv, 2024-07-17T06:51:24Z)
  We introduce Autoregressive Out-of-distribution Watermarking (AOW), a novel technique tailored specifically for recommender systems.
  Our approach entails selecting an initial item and querying it through the oracle model, followed by the selection of subsequent items with small prediction scores.
  To assess the efficacy of the watermark, the model is tasked with predicting the subsequent item given a truncated watermark sequence.
- A Survey of Fragile Model Watermarking [14.517951900805317] (arXiv, 2024-06-07T10:23:25Z)
  Model fragile watermarking has gradually emerged as a potent tool for detecting tampering.
  This paper provides an overview of the relevant work in the field of model fragile watermarking since its inception.
- ModelShield: Adaptive and Robust Watermark against Model Extraction Attack [58.46326901858431] (arXiv, 2024-05-03T06:41:48Z)
  Large language models (LLMs) demonstrate general intelligence across a variety of machine learning tasks.
  Adversaries can still utilize model extraction attacks to steal the model intelligence encoded in model generation.
  Watermarking technology offers a promising solution for defending against such attacks by embedding unique identifiers into the model-generated content.
- Performance-lossless Black-box Model Watermarking [69.22653003059031] (arXiv, 2023-12-11T16:14:04Z)
  We propose a branch backdoor-based model watermarking protocol to protect model intellectual property.
  In addition, we analyze the potential threats to the protocol and provide a secure and feasible watermarking instance for language models.
- DeepHider: A Multi-module and Invisibility Watermarking Scheme for Language Model [0.0] (arXiv, 2022-08-09T11:53:24Z)
  This paper proposes a new threat of replacing the model classification module and performing global fine-tuning of the model.
  We use the properties of blockchain such as tamper-proofness and traceability to prevent ownership claims by thieves.
  Experiments show that the proposed scheme successfully verifies ownership with 100% watermark verification accuracy.
- Exploring Structure Consistency for Deep Model Watermarking [122.38456787761497] (arXiv, 2021-08-05T04:27:15Z)
  The intellectual property (IP) of deep neural networks (DNNs) can be easily "stolen" by a surrogate model attack.
  We propose a new watermarking methodology, namely "structure consistency", based on which a new deep structure-aligned model watermarking algorithm is designed.
- Don't Forget to Sign the Gradients! [60.98885980669777] (arXiv, 2021-03-05T14:24:32Z)
  We present GradSigns, a novel watermarking framework for deep neural networks (DNNs).
- Model Watermarking for Image Processing Networks [120.918532981871] (arXiv, 2020-02-25T18:36:18Z)
  How to protect the intellectual property of deep models is a very important but seriously under-researched problem.
  We propose the first model watermarking framework for protecting image processing models.