SSL-Auth: An Authentication Framework by Fragile Watermarking for Pre-trained Encoders in Self-supervised Learning

TL;DR

SSL-Auth is a novel authentication framework for pre-trained self-supervised learning encoders that uses fragile watermarking to verify integrity and detect malicious modifications without degrading encoder performance.

Contribution

It introduces SSL-Auth, the first framework to authenticate pre-trained SSL encoders using fragile watermarking with generative networks for integrity verification.

Findings

Effective detection of malicious alterations in encoders.

Robust verification across various encoders and tasks.

Maintains encoder performance while ensuring security.

Abstract

Self-supervised learning (SSL), a paradigm harnessing unlabeled datasets to train robust encoders, has recently witnessed substantial success. These encoders serve as pivotal feature extractors for downstream tasks, demanding significant computational resources. Nevertheless, recent studies have shed light on vulnerabilities in pre-trained encoders, including backdoor and adversarial threats. Safeguarding the intellectual property of encoder trainers and ensuring the trustworthiness of deployed encoders pose notable challenges in SSL. To bridge these gaps, we introduce SSL-Auth, the first authentication framework designed explicitly for pre-trained encoders. SSL-Auth leverages selected key samples and employs a well-trained generative network to reconstruct watermark information, thus affirming the integrity of the encoder without compromising its performance. By comparing the reconstruction outcomes of the key samples, we can identify any malicious alterations. Comprehensive evaluations conducted on a range of encoders and diverse downstream tasks demonstrate the effectiveness of our proposed SSL-Auth.