Transferable Watermarking to Self-supervised Pre-trained Graph Encoders by Trigger Embeddings
- URL: http://arxiv.org/abs/2406.13177v2
- Date: Mon, 07 Oct 2024 02:47:19 GMT
- Title: Transferable Watermarking to Self-supervised Pre-trained Graph Encoders by Trigger Embeddings
- Authors: Xiangyu Zhao, Hanzhou Wu, Xinpeng Zhang
- Abstract summary: Graph Self-supervised Learning (GSSL) enables to pre-train foundation graph encoders.
Easy-to-plug-in nature of such encoders makes them vulnerable to copyright infringement.
We develop a novel watermarking framework to protect graph encoders in GSSL settings.
- Score: 43.067822791795095
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Recent years have witnessed the prosperous development of Graph Self-supervised Learning (GSSL), which enables the pre-training of transferable foundation graph encoders. However, the easy-to-plug-in nature of such encoders makes them vulnerable to copyright infringement. To address this issue, we develop a novel watermarking framework to protect graph encoders in GSSL settings. The key idea is to force the encoder to map a set of specially crafted trigger instances into a unique compact cluster in the outputted embedding space during model pre-training. Consequently, when the encoder is stolen and concatenated with any downstream classifiers, the resulting model inherits the 'backdoor' of the encoder and predicts the trigger instances to be in a single category with high probability regardless of the ground truth. Experimental results have shown that the embedded watermark can be transferred to various downstream tasks in black-box settings, including node classification, link prediction and community detection, which forms a reliable watermark verification system for GSSL in reality. This approach also shows satisfactory performance in terms of model fidelity, reliability and robustness.
Related papers
- BlackCATT: Black-box Collusion Aware Traitor Tracing in Federated Learning [51.251962154210474]
We present a general collusion-resistant embedding method for black-box traitor tracing in Federated Learning: BlackCATT. Experimental results confirm the efficacy of the proposed scheme across different architectures and datasets. For models that would otherwise suffer from update incompatibility on the main task, our proposed BlackCATT+FR incorporates functional regularization.
arXiv Detail & Related papers (2026-02-12T16:26:57Z) - Hybrid Autoencoders for Tabular Data: Leveraging Model-Based Augmentation in Low-Label Settings [13.591018807414484]
We propose a hybrid autoencoder that combines a neural encoder with an oblivious soft decision tree (OSDT) encoder, each guided by its own gating network. Our method achieves consistent gains in low-label classification and regression across diverse datasets, outperforming deep and tree-based supervised baselines.
arXiv Detail & Related papers (2025-11-10T11:08:39Z) - SSCL-BW: Sample-Specific Clean-Label Backdoor Watermarking for Dataset Ownership Verification [8.045712223215542]
This paper proposes a sample-specific clean-label backdoor watermarking (i.e., SSCL-BW). By training a U-Net-based watermarked sample generator, this method generates unique watermarks for each sample. Experiments on benchmark datasets demonstrate the effectiveness of the proposed method and its robustness against potential watermark removal attacks.
arXiv Detail & Related papers (2025-10-30T12:13:53Z) - StableGuard: Towards Unified Copyright Protection and Tamper Localization in Latent Diffusion Models [55.05404953041403]
We propose a novel framework that seamlessly integrates a binary watermark into the diffusion generation process. We show that StableGuard consistently outperforms state-of-the-art methods in image fidelity, watermark verification, and tampering localization.
arXiv Detail & Related papers (2025-09-22T16:35:19Z) - Graph Signal Generative Diffusion Models [74.75869068073577]
We introduce U-shaped encoder-decoder graph neural networks (U-GNNs) for graph signal generation using denoising diffusion processes. The architecture learns node features at different resolutions with skip connections between the encoder and decoder paths. We demonstrate the effectiveness of the diffusion model in probabilistic forecasting of stock prices.
arXiv Detail & Related papers (2025-09-21T21:57:27Z) - Towards Robust Red-Green Watermarking for Autoregressive Image Generators [17.784976310663104]
In this paper, we explore the use of in-generation watermarks in autoregressive (AR) image models. AR models generate images by autoregressively predicting a sequence of visual tokens that are then decoded into pixels. Inspired by red-green watermarks for large language models, we examine token-level watermarking schemes that bias the next-token prediction. We propose two novel watermarking methods that rely on visual token clustering to assign similar tokens to the same set.
arXiv Detail & Related papers (2025-08-08T19:14:22Z) - Gaussian Shading++: Rethinking the Realistic Deployment Challenge of Performance-Lossless Image Watermark for Diffusion Models [66.54457339638004]
Copyright protection and inappropriate content generation pose challenges for the practical implementation of diffusion models.
We propose a diffusion model watermarking method tailored for real-world deployment.
Gaussian Shading++ not only maintains performance losslessness but also outperforms existing methods in terms of robustness.
arXiv Detail & Related papers (2025-04-21T11:18:16Z) - Should we pre-train a decoder in contrastive learning for dense prediction tasks? [0.7237068561453082]
We propose a framework-agnostic adaptation to convert an encoder-only self-supervised learning (SSL) contrastive approach to an efficient encoder-decoder framework.
We first update the existing architecture to accommodate a decoder and its respective contrastive loss.
We then introduce a weighted encoder-decoder contrastive loss with non-competing objectives that facilitates the joint encoder-decoder architecture pre-training.
arXiv Detail & Related papers (2025-03-21T20:19:13Z) - Provably Robust and Secure Steganography in Asymmetric Resource Scenario [30.12327233257552]
Current provably secure steganography approaches require a pair of encoder and decoder to hide and extract private messages.
This paper proposes a novel provably robust and secure steganography framework for the asymmetric resource setting.
arXiv Detail & Related papers (2024-07-18T13:32:00Z) - Lazy Layers to Make Fine-Tuned Diffusion Models More Traceable [70.77600345240867]
A novel arbitrary-in-arbitrary-out (AIAO) strategy makes watermarks resilient to fine-tuning-based removal.
Unlike the existing methods of designing a backdoor for the input/output space of diffusion models, in our method, we propose to embed the backdoor into the feature space of sampled subpaths.
Our empirical studies on the MS-COCO, AFHQ, LSUN, CUB-200, and DreamBooth datasets confirm the robustness of AIAO.
arXiv Detail & Related papers (2024-05-01T12:03:39Z) - Downstream-agnostic Adversarial Examples [66.8606539786026]
AdvEncoder is the first framework for generating downstream-agnostic universal adversarial examples based on a pre-trained encoder.
Unlike traditional adversarial example works, the pre-trained encoder only outputs feature vectors rather than classification labels.
Our results show that an attacker can successfully attack downstream tasks without knowing either the pre-training dataset or the downstream dataset.
arXiv Detail & Related papers (2023-07-23T10:16:47Z) - Semi-Supervised and Long-Tailed Object Detection with CascadeMatch [91.86787064083012]
We propose a novel pseudo-labeling-based detector called CascadeMatch.
Our detector features a cascade network architecture, which has multi-stage detection heads with progressive confidence thresholds.
We show that CascadeMatch surpasses existing state-of-the-art semi-supervised approaches in handling long-tailed object detection.
arXiv Detail & Related papers (2023-05-24T07:09:25Z) - Did You Train on My Dataset? Towards Public Dataset Protection with Clean-Label Backdoor Watermarking [54.40184736491652]
We propose a backdoor-based watermarking approach that serves as a general framework for safeguarding public-available data.
By inserting a small number of watermarking samples into the dataset, our approach enables the learning model to implicitly learn a secret function set by defenders.
This hidden function can then be used as a watermark to track down third-party models that use the dataset illegally.
arXiv Detail & Related papers (2023-03-20T21:54:30Z) - AWEncoder: Adversarial Watermarking Pre-trained Encoders in Contrastive Learning [18.90841192412555]
We introduce AWEncoder, an adversarial method for watermarking the pre-trained encoder in contrastive learning.
The proposed work enjoys pretty good effectiveness and robustness on different contrastive learning algorithms and downstream tasks.
arXiv Detail & Related papers (2022-08-08T07:23:37Z) - SSLGuard: A Watermarking Scheme for Self-supervised Learning Pre-trained Encoders [9.070481370120905]
We propose SSLGuard, the first watermarking algorithm for pre-trained encoders.
SSLGuard is effective in watermark injection and verification, and is robust against model stealing and other watermark removal attacks.
arXiv Detail & Related papers (2022-01-27T17:41:54Z) - Watermarking Pre-trained Encoders in Contrastive Learning [9.23485246108653]
The pre-trained encoders are an important intellectual property that needs to be carefully protected.
It is challenging to migrate existing watermarking techniques from the classification tasks to the contrastive learning scenario.
We introduce a task-agnostic loss function to effectively embed into the encoder a backdoor as the watermark.
arXiv Detail & Related papers (2022-01-20T15:14:31Z) - Autoencoding Variational Autoencoder [56.05008520271406]
We study the implications of this behaviour on the learned representations and also the consequences of fixing it by introducing a notion of self consistency.
We show that encoders trained with our self-consistency approach lead to representations that are robust (insensitive) to perturbations in the input introduced by adversarial attacks.
arXiv Detail & Related papers (2020-12-07T14:16:14Z)
This list is automatically generated from the titles and abstracts of the papers in this site.