FedIPR: Ownership Verification for Federated Deep Neural Network Models
Bowen Li, Lixin Fan, Hanlin Gu, Jie Li, Qiang Yang

TL;DR
This paper introduces FedIPR, a privacy-preserving ownership verification scheme for federated deep neural networks that embeds watermarks allowing clients to verify model ownership without exposing private data.
Contribution
It proposes a novel watermarking scheme enabling private ownership verification in federated learning models, ensuring security and robustness against attacks.
Findings
Watermarks can be embedded and detected reliably across tasks.
The scheme is resilient to removal attacks.
Model performance remains unaffected by watermarking.
Abstract
Federated learning models are collaboratively developed upon valuable training data owned by multiple parties. During the development and deployment of federated models, they are exposed to risks including illegal copying, re-distribution, misuse and/or free-riding. To address these risks, the ownership verification of federated learning models is a prerequisite that protects federated learning model intellectual property rights (IPR), i.e., FedIPR. We propose a novel federated deep neural network (FedDNN) ownership verification scheme that allows private watermarks to be embedded and verified to claim legitimate IPR of FedDNN models. In the proposed scheme, each client independently verifies the existence of the model watermarks and claims respective ownership of the federated model without disclosing either private training data or private watermark information. The effectiveness of…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Privacy-Preserving Technologies in Data · Advanced Neural Network Applications
