Yes We can: Watermarking Machine Learning Models beyond Classification

Autor: Slim Trabelsi, Melek Önen, Sofiane Lounici, Orhan Ermis, Mohamed Njeh
Přispěvatelé: Eurecom [Sophia Antipolis], ANR-19-P3IA-0002,3IA@cote d'azur,3IA Côte d'Azur(2019)
Rok vydání: 2021
Předmět:
Zdroj: CSF
CFS 2021, 34th IEEE Computer Security Foundations Symposium
CFS 2021, 34th IEEE Computer Security Foundations Symposium, Jun 2021, Dubrovnik, Croatia
DOI: 10.1109/csf51468.2021.00044
Popis: Since machine learning models have become a valuable asset for companies, watermarking techniques have been developed to protect the intellectual property of these models and prevent model theft. We observe that current watermarking frameworks solely target image classification tasks, neglecting a considerable part of machine learning techniques. In this paper, we propose to address this lack and study the watermarking process of various machine learning techniques such as machine translation, regression, binary image classification and reinforcement learning models. We adapt current definitions to each specific technique and we evaluate the main characteristics of the watermarking process, in particular the robustness of the models against a rational adversary. We show that watermarking models beyond classification is possible while preserving their overall performance. We further investigate various attacks and discuss the importance of the performance metric in the verification process and its impact on the success of the adversary.
Databáze: OpenAIRE
Externí odkaz: