173 research outputs found
FedCIP: Federated Client Intellectual Property Protection with Traitor Tracking
Federated learning is an emerging privacy-preserving distributed machine
learning that enables multiple parties to collaboratively learn a shared model
while keeping each party's data private. However, federated learning faces two
main problems: semi-honest server privacy inference attacks and malicious
client-side model theft. To address privacy inference attacks, parameter-based
encrypted federated learning secure aggregation can be used. To address model
theft, a watermark-based intellectual property protection scheme can verify
model ownership. Although watermark-based intellectual property protection
schemes can help verify model ownership, they are not sufficient to address the
issue of continuous model theft by uncaught malicious clients in federated
learning. Existing IP protection schemes that are able to track traitors are
also not compatible with federated learning secure aggregation. Thus, in this
paper, we propose Federated Client-side Intellectual Property Protection
(FedCIP), which is compatible with federated learning secure aggregation and is
able to track traitors. To the best of our knowledge, this is the first IP
protection scheme in federated learning that is compatible with secure
aggregation and has traitor-tracking capabilities.
A Systematic Review on Model Watermarking for Neural Networks
Machine learning (ML) models are applied in an increasing variety of domains.
The availability of large amounts of data and computational resources encourages the development of ever more complex and valuable models.
These models are considered intellectual property of the legitimate parties who have trained them, which makes their protection against stealing, illegitimate redistribution, and unauthorized application an urgent need.
Digital watermarking presents a strong mechanism for marking model ownership and, thereby, offers protection against those threats.
This work presents a taxonomy identifying and analyzing different classes of watermarking schemes for ML models.
It introduces a unified threat model to allow structured reasoning on and comparison of the effectiveness of watermarking methods in different scenarios.
Furthermore, it systematizes desired security requirements and attacks against ML model watermarking.
Based on that framework, representative literature from the field is surveyed to illustrate the taxonomy.
Finally, shortcomings and general limitations of existing approaches are discussed, and an outlook on future research directions is given.
Robust Distortion-free Watermarks for Language Models
We propose a methodology for planting watermarks in text from an
autoregressive language model that are robust to perturbations without changing
the distribution over text up to a certain maximum generation budget. We
generate watermarked text by mapping a sequence of random numbers -- which we
compute using a randomized watermark key -- to a sample from the language
model. To detect watermarked text, any party who knows the key can align the
text to the random number sequence. We instantiate our watermark methodology
with two sampling schemes: inverse transform sampling and exponential minimum
sampling. We apply these watermarks to three language models -- OPT-1.3B,
LLaMA-7B and Alpaca-7B -- to experimentally validate their statistical power
and robustness to various paraphrasing attacks. Notably, for both the OPT-1.3B
and LLaMA-7B models, we find we can reliably detect watermarked text () from tokens even after corrupting between -\% of the tokens
via random edits (i.e., substitutions, insertions or deletions). For the
Alpaca-7B model, we conduct a case study on the feasibility of watermarking
responses to typical user instructions. Due to the lower entropy of the
responses, detection is more difficult: around of the responses -- whose
median length is around tokens -- are detectable with , and
the watermark is also less robust to certain automated paraphrasing attacks we
implement.
SALWARE: Salutary Hardware to design Trusted IC.
Fabless semiconductor industries are facing rising design costs for integrated circuits. This rise is linked to technology changes and increasing complexity. As a result, integrated circuits have become targets of counterfeiting and theft. The SALWARE project aims to study (theoretically and experimentally) salutary hardware design in order to fight theft, illegal cloning and counterfeiting of integrated circuits. Salutary hardware means an embedded hardware system, hard to detect or circumvent, inserted in an integrated circuit or a virtual component (Intellectual Property), used to provide intellectual property information (e.g., watermarking or a hardware license) and/or to remotely activate the circuit or IP after manufacture and during use.
A Recipe for Watermarking Diffusion Models
Diffusion models (DMs) have demonstrated advantageous potential on generative
tasks. Widespread interest exists in incorporating DMs into downstream
applications, such as producing or editing photorealistic images. However,
practical deployment and unprecedented power of DMs raise legal issues,
including copyright protection and monitoring of generated content. In this
regard, watermarking has been a proven solution for copyright protection and
content monitoring, but it is underexplored in the DMs literature.
Specifically, DMs generate samples from longer tracks and may have newly
designed multimodal structures, necessitating the modification of conventional
watermarking pipelines. To this end, we conduct comprehensive analyses and
derive a recipe for efficiently watermarking state-of-the-art DMs (e.g., Stable
Diffusion), via training from scratch or finetuning. Our recipe is
straightforward but involves empirically ablated implementation details,
providing a foundation for future research on watermarking DMs. The code is
available at https://github.com/yunqing-me/WatermarkDM
Identifying Appropriate Intellectual Property Protection Mechanisms for Machine Learning Models: A Systematization of Watermarking, Fingerprinting, Model Access, and Attacks
The commercial use of Machine Learning (ML) is spreading; at the same time,
ML models are becoming more complex and more expensive to train, which makes
Intellectual Property Protection (IPP) of trained models a pressing issue.
Unlike other domains that can build on a solid understanding of the threats,
attacks and defenses available to protect their IP, the ML-related research in
this regard is still very fragmented. This is also due to a missing unified
view as well as a common taxonomy of these aspects.
In this paper, we systematize our findings on IPP in ML, while focusing on
threats and attacks identified and defenses proposed at the time of writing. We
develop a comprehensive threat model for IP in ML, categorizing attacks and
defenses within a unified and consolidated taxonomy, thus bridging research
from both the ML and security communities.
A survey on security analysis of machine learning-oriented hardware and software intellectual property
Intellectual Property (IP) includes ideas, innovations, methodologies, works of authorship (viz., literary and artistic works), emblems, brands, images, etc. This property is intangible since it is a product of the human intellect. Therefore, IP entities are indisputably vulnerable to infringement and modification without the owner's consent. IP protection regulations have been deployed and are still in practice, including patents, copyrights, contracts, trademarks, trade secrets, etc., to address these challenges. Unfortunately, these protections are insufficient to keep IP entities from being changed or stolen without permission. Consequently, some IPs require hardware IP protection mechanisms, and others require software IP protection techniques. To secure these IPs, researchers have explored the domain of Intellectual Property Protection (IPP) using different approaches. In this paper, we discuss the existing IP rights and concurrent breakthroughs in the field of IPP research; provide discussions on hardware IP and software IP attacks and defense techniques; summarize different applications of IP protection; and lastly, identify the challenges and future research prospects in hardware and software IP security.
Rethinking Watermark: Providing Proof of IP Ownership in Modern SoCs
Intellectual property (IP) cores are essential to creating modern system-on-chips (SoCs). Protecting the IPs deployed in modern SoCs has become more difficult as IP houses have been established across the globe over the past three decades. The threat posed by IP piracy and overuse has been a topic of research for the past decade or so and has led to the creation of a field called watermarking. IP watermarking aims at detecting unauthorized IP usage by embedding excess, nonfunctional circuitry into the SoC. Unfortunately, prior work has been built upon assumptions that cannot be met within the modern SoC design and verification processes. In this paper, we first provide an extensive overview of the current state of the art in IP watermarking. Then, we challenge these dated assumptions and propose a new path for future effective IP watermarking approaches suitable for today's complex SoCs in which IPs are deeply embedded.
- …