In response to the growing adoption of Machine Learning (ML) techniques for solving problems across industries, malicious groups have started to target these techniques in their attack plans. However, because ML models are continuously updated with new data, it is hard to monitor their integrity. One candidate solution is hashing, but that would mean re-hashing the model each time it is trained on newer data, which is computationally expensive and not feasible for ML models trained on continuous data. Therefore, in this paper, we propose a model integrity-checking mechanism that uses model watermarking techniques to monitor the integrity of ML models. We then demonstrate that the proposed technique can monitor the integrity of ML models at low computational cost even when the model is further trained on newer data. Furthermore, the integrity-checking mechanism can be applied to Deep Learning models that work on complex data distributions, such as Cyber-Physical System applications.
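The contrast the abstract draws, as an added toy illustration that is not the paper's code and does not reproduce its deep-learning models or Cyber-Physical System data: a parameter hash changes on every benign update and so cannot tell continued training from tampering, whereas a secret trigger set (a backdoor-style watermark) keeps verifying after benign updates and fails on a swapped-in model. The 1-nearest-neighbour model, the grid task data, the alternating trigger labels and the 0.9 threshold are all assumptions made for the example.

```python
"""Added example: hash check vs. watermark check on a continuously trained model.
Everything here is constructed for illustration; it is not the paper's method."""
import hashlib
import json
import math
import random


class NearestNeighbourModel:
    """Assumed stand-in for a learning model: 1-NN over 2-D points.
    Chosen because it memorises a trigger set exactly and deterministically."""

    def __init__(self):
        self.points = []  # [((x, y), label), ...]

    def train(self, samples):
        """Continuous training: new labelled samples are absorbed in place."""
        self.points.extend(samples)

    def predict(self, p):
        return min(self.points, key=lambda q: math.dist(p, q[0]))[1]

    def serialize(self):
        # Canonical byte form of the parameters, as a hash check would need.
        return json.dumps(sorted(self.points), sort_keys=True).encode()


def model_hash(model):
    return hashlib.sha256(model.serialize()).hexdigest()


def task_data(offset):
    """Constructed task: class 0 for x < 0, else 1, on a grid inside [-9, 9]^2.
    offset=0 gives the odd grid, offset=1 the even grid ("newer data")."""
    return [((float(x), float(y)), 0 if x < 0 else 1)
            for x in range(-9 + offset, 10, 2)
            for y in range(-9 + offset, 10, 2)]


def make_trigger_set(secret, n=8):
    """Owner's secret watermark: inputs far from the task data, with alternating
    labels, so a model trained only on task data answers them all with 1."""
    rng = random.Random(secret)
    return [((100 + rng.uniform(-1, 1), 100 + rng.uniform(-1, 1)), i % 2)
            for i in range(n)]


def verify_watermark(model, triggers, threshold=0.9):
    """Integrity check: does the model still answer the trigger set as embedded?"""
    hits = sum(model.predict(p) == label for p, label in triggers)
    accuracy = hits / len(triggers)
    return accuracy >= threshold, accuracy


def task_accuracy(model, probes):
    return sum(model.predict(p) == label for p, label in probes) / len(probes)


def run_scenarios():
    triggers = make_trigger_set(secret="owner-secret")  # assumed secret
    probes = [((-5.0, 0.0), 0), ((5.0, 0.0), 1), ((-2.0, 7.0), 0), ((3.0, -4.0), 1)]

    model = NearestNeighbourModel()
    model.train(task_data(0))
    model.train(triggers)                   # embed the watermark
    h0 = model_hash(model)
    ok0, _ = verify_watermark(model, triggers)

    # Benign update: the deployed model keeps learning from newer task data.
    model.train(task_data(1))
    h1 = model_hash(model)
    ok1, _ = verify_watermark(model, triggers)

    # Tampering: an attacker swaps in a model trained on the same task data,
    # which serves the task just as well but was never watermarked.
    rogue = NearestNeighbourModel()
    rogue.train(task_data(0) + task_data(1))
    ok2, acc2 = verify_watermark(rogue, triggers)

    return {
        "watermark_ok_after_embedding": ok0,
        "hash_changed_after_benign_update": h0 != h1,   # hash cannot be reused
        "watermark_ok_after_benign_update": ok1,        # watermark survives
        "watermark_ok_on_tampered_model": ok2,          # watermark catches swap
        "tampered_trigger_accuracy": acc2,
        "tampered_task_accuracy": task_accuracy(rogue, probes),
    }


if __name__ == "__main__":
    for k, v in run_scenarios().items():
        print(f"{k}: {v}")
```

The rogue model scores perfectly on the task probes, so neither task metrics nor a stale hash would flag it; only the trigger-set check does, and it costs one forward pass per trigger rather than a re-hash of every parameter after each update.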