Watermarking Decision Tree Ensembles
Stefano Calzavara, Lorenzo Cazzaro, Donald Gera, Salvatore Orlando

TL;DR
This paper introduces the first watermarking scheme for decision tree ensembles, specifically targeting random forest models, with a focus on security, accuracy, and robustness against attacks.
Contribution
It presents a novel watermarking method for decision tree ensembles, filling a gap in model protection techniques beyond neural networks.
Findings
High accuracy in watermark verification
Strong security against common attacks
Effective robustness demonstrated in experiments
Abstract
Protecting the intellectual property of machine learning models is a hot topic and many watermarking schemes for deep neural networks have been proposed in the literature. Unfortunately, prior work largely neglected the investigation of watermarking techniques for other types of models, including decision tree ensembles, which are a state-of-the-art model for classification tasks on non-perceptual data. In this paper, we present the first watermarking scheme designed for decision tree ensembles, focusing in particular on random forest models. We discuss watermark creation and verification, presenting a thorough security analysis with respect to possible attacks. We finally perform an experimental evaluation of the proposed scheme, showing excellent results in terms of accuracy and security against the most relevant threats.
Taxonomy
Topics: Advanced Steganography and Watermarking Techniques · Digital Media Forensic Detection · Chaos-based Image/Signal Encryption
