Federated learning models must be protected against plagiarism, since these models are built upon valuable training data owned by multiple institutions or people. This paper illustrates a novel federated deep neural network (FedDNN) ownership verification scheme that allows ownership signatures to be embedded and verified in order to claim legitimate intellectual property rights (IPR) over FedDNN models in case the models are illegally copied, re-distributed or misused. The effectiveness of the embedded ownership signatures is theoretically justified by proved conditions under which signatures can be embedded and detected by multiple clients without disclosing their private signatures. Extensive experimental results on the CIFAR10 and CIFAR100 image datasets demonstrate that signatures of varying bit-lengths can be embedded and reliably detected without affecting the models' classification performance. The signatures are also robust against removal attacks, including fine-tuning and pruning.
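As an added illustration (not the paper's own scheme or code), the pure-Python toy below shows the mechanics the abstract describes: each client holds a private key (a secret projection matrix derived from a seed) and a private bit-string signature, embeds its bits into a shared weight vector through a hinge-style regularizer during training, and later verifies ownership using only its own key and signature, so nothing private is revealed to the other clients. The same block then simulates the two removal attacks named above (magnitude pruning and a noise stand-in for fine-tuning) and computes how the probability of a false ownership claim shrinks with signature bit-length. The layer size, bit-length, margin, learning rate, pruning fraction and noise level are all assumptions chosen for the demonstration; the "trained" layer is constructed random data.

```python
"""Toy parameter-space ownership signature for a federated model (added example).

Everything here is an assumption for illustration: the weight vector stands in
for one layer of a trained model, the embedding regularizer is a generic
projection/sign watermark, and the attacks are simplified stand-ins.
"""
import math
import random


def make_key(seed, n_bits, n_weights):
    """Client's private key: projection matrix X (n_bits x n_weights), +-1/sqrt(n) entries."""
    rng = random.Random(seed)
    scale = 1.0 / math.sqrt(n_weights)
    return [[rng.choice((-scale, scale)) for _ in range(n_weights)]
            for _ in range(n_bits)]


def make_signature(seed, n_bits):
    """Client's private signature as +-1 bits."""
    rng = random.Random(seed)
    return [rng.choice((-1, 1)) for _ in range(n_bits)]


def dot(a, b):
    return sum(x * y for x, y in zip(a, b))


def embed(weights, clients, margin=1.0, lr=0.1, steps=100):
    """Embed every client's signature into one shared weight vector.

    clients: list of (key, signature).  Each step applies the gradient of the
    hinge regularizer sum_i max(0, margin - s_i * <X_i, w>) for each client.
    Only the gradient touches the shared weights; keys and signatures stay local.
    """
    w = list(weights)
    for _ in range(steps):
        for key, sig in clients:
            for row, s in zip(key, sig):
                if s * dot(row, w) < margin:          # bit not yet satisfied
                    for k, x in enumerate(row):
                        w[k] += lr * s * x
    return w


def detect(weights, key, signature):
    """Fraction of signature bits recovered as sign(X w); 1.0 means a perfect match."""
    hits = sum(1 for row, s in zip(key, signature)
               if (1 if dot(row, weights) >= 0 else -1) == s)
    return hits / len(signature)


def prune(weights, fraction):
    """Magnitude pruning attack: zero the smallest-|w| fraction of the weights."""
    k = int(len(weights) * fraction)
    if k >= len(weights):
        return [0.0] * len(weights)
    cutoff = sorted(abs(x) for x in weights)[k]
    return [0.0 if abs(x) < cutoff else x for x in weights]


def finetune_noise(weights, sigma, seed=7):
    """Stand-in for fine-tuning: perturb every weight with Gaussian noise."""
    rng = random.Random(seed)
    return [x + rng.gauss(0.0, sigma) for x in weights]


def false_claim_probability(n_bits, threshold):
    """P(a random key/signature matches >= threshold of n_bits bits by chance)."""
    need = math.ceil(threshold * n_bits)
    return sum(math.comb(n_bits, k) for k in range(need, n_bits + 1)) / 2 ** n_bits


def demo(n_weights=1024, n_bits=32):
    rng = random.Random(0)
    base = [rng.gauss(0.0, 0.05) for _ in range(n_weights)]   # constructed "trained" layer
    key_a, sig_a = make_key(11, n_bits, n_weights), make_signature(12, n_bits)
    key_b, sig_b = make_key(21, n_bits, n_weights), make_signature(22, n_bits)
    w = embed(base, [(key_a, sig_a), (key_b, sig_b)])
    stranger = make_key(99, n_bits, n_weights)               # no access to client A's key
    return {
        "clean_a": detect(w, key_a, sig_a),
        "clean_b": detect(w, key_b, sig_b),
        "wrong_key": detect(w, stranger, sig_a),              # chance level, about 0.5
        "pruned_a": detect(prune(w, 0.5), key_a, sig_a),
        "finetuned_b": detect(finetune_noise(w, 0.2), key_b, sig_b),
    }


if __name__ == "__main__":
    for name, acc in demo().items():
        print(f"{name:12s} bit accuracy = {acc:.3f}")
    for bits in (16, 32, 64):
        print(f"{bits} bits, threshold 0.9: false-claim probability "
              f"{false_claim_probability(bits, 0.9):.2e}")
```

The two clients embed into the same weights, and each verifies with nothing but its own key and signature; a party holding a different key recovers only chance-level bits, which is why a claim is judged against a bit-accuracy threshold rather than an exact match. `false_claim_probability` makes the bit-length trade-off explicit: at a fixed threshold, every doubling of the signature length drives the probability that an unrelated key clears it by chance down by many orders of magnitude, while the hinge margin is what keeps the embedded bits readable after the weights are pruned or perturbed.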