WATERMARKING PROTOCOL FOR DEEP NEURAL NETWORK OWNERSHIP REGULATION IN FEDERATED LEARNING

Cited by: 4
Authors
Li, Fang-Qi [1]
Wang, Shi-Lin [1]
Liew, Alan Wee-Chung [2]
Affiliations
[1] Shanghai Jiao Tong Univ, Sch Elect Informat & Elect Engn, Shanghai, Peoples R China
[2] Griffith Univ, Sch Informat & Commun Technol, Brisbane, Australia
Source
2022 IEEE INTERNATIONAL CONFERENCE ON MULTIMEDIA AND EXPO WORKSHOPS (IEEE ICMEW 2022) | 2022
Funding
National Natural Science Foundation of China
Keywords
Deep neural network watermark; federated learning; machine learning security and forensics;
DOI
10.1109/ICMEW56448.2022.9859395
Chinese Library Classification number
TP18 [Artificial intelligence theory]
Discipline classification codes
081104; 0812; 0835; 1405
Abstract
With the wide application of deep learning models, it is important to verify an author's possession over a deep neural network model by watermarks and protect the model. The development of distributed learning paradigms such as federated learning raises new challenges for model protection. Each author should be able to conduct independent verification and trace traitors. To meet those requirements, we propose a watermarking protocol, Merkle-Sign, to meet the prerequisites for ownership verification in federated learning. Our work paves the way for generalizing watermark as a practical security mechanism for protecting deep learning models in distributed learning platforms.
Pages: 4