TY - GEN
T1 - Shared DNN Model Ownership Verification in Cross-Silo Federated Learning
T2 - 2023 IEEE Global Communications Conference, GLOBECOM 2023
AU - Yan, Miao
AU - Su, Zhou
AU - Wang, Yuntao
AU - Ran, Xiandong
AU - Liu, Yiliang
AU - Luan, Tom H.
N1 - Publisher Copyright:
© 2023 IEEE.
PY - 2023
Y1 - 2023
N2 - Cross-silo federated learning, as a distributed learning paradigm, allows clients to collaboratively train an artificial intelligence (AI) model and jointly share the model ownership without local data transfer or exposure. However, the valuable AI models are facing fatal intellectual property (IP) infringement threats when offering AI services. Existing researches on IP protection mainly focus on the centralized models (i.e., single ownership), but leave federated models (i.e., shared ownership) unexplored. In this paper, we propose IPSF, a novel shared IP protection framework with all-round verification for multiple owners under cross-silo federated learning. Specifically, instead of embedding private watermarks individually, we adopt joint watermarks and soft labels as a conjoint fingerprint, and present a watermark generative adversarial network (WM-GAN) mechanism to fuse private watermarks and facilitate the integrated verification. We also design a diversity-and similarity-oriented assessment mechanism to support mutual evaluation between private and joint watermarks. Through the designed assessment mechanism, the correlation and variability between private and joint watermarks are dynamically maintained to ensure the stability of WM-GAN and the fairness among users in verification. Extensive experiments validates that our IPSF achieves desirable fidelity and high robustness under attacks.
AB - Cross-silo federated learning, as a distributed learning paradigm, allows clients to collaboratively train an artificial intelligence (AI) model and jointly share the model ownership without local data transfer or exposure. However, the valuable AI models are facing fatal intellectual property (IP) infringement threats when offering AI services. Existing researches on IP protection mainly focus on the centralized models (i.e., single ownership), but leave federated models (i.e., shared ownership) unexplored. In this paper, we propose IPSF, a novel shared IP protection framework with all-round verification for multiple owners under cross-silo federated learning. Specifically, instead of embedding private watermarks individually, we adopt joint watermarks and soft labels as a conjoint fingerprint, and present a watermark generative adversarial network (WM-GAN) mechanism to fuse private watermarks and facilitate the integrated verification. We also design a diversity-and similarity-oriented assessment mechanism to support mutual evaluation between private and joint watermarks. Through the designed assessment mechanism, the correlation and variability between private and joint watermarks are dynamically maintained to ensure the stability of WM-GAN and the fairness among users in verification. Extensive experiments validates that our IPSF achieves desirable fidelity and high robustness under attacks.
KW - Federated learning
KW - generative adversary network
KW - intellectual property protection
KW - watermark
UR - https://www.scopus.com/pages/publications/85187408971
U2 - 10.1109/GLOBECOM54140.2023.10437312
DO - 10.1109/GLOBECOM54140.2023.10437312
M3 - 会议稿件
AN - SCOPUS:85187408971
T3 - Proceedings - IEEE Global Communications Conference, GLOBECOM
SP - 1807
EP - 1811
BT - GLOBECOM 2023 - 2023 IEEE Global Communications Conference
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 4 December 2023 through 8 December 2023
ER -