Robust Watermarking on Gradient Boosting Decision Trees
Jun Woo Chung, Yingjie Lao, Weijie Zhao
TL;DR
This paper introduces a novel robust watermarking framework specifically designed for Gradient Boosting Decision Trees, enabling imperceptible and resilient watermark embedding with minimal accuracy impact.
Contribution
It is the first to develop a GBDT-specific watermarking method using in-place fine-tuning, with four strategies that balance robustness and accuracy.
Findings
High watermark embedding rates achieved
Low accuracy degradation demonstrated
Strong resistance to post-deployment fine-tuning
Abstract
Gradient Boosting Decision Trees (GBDTs) are widely used in industry and academia for their high accuracy and efficiency, particularly on structured data. However, watermarking GBDT models remains underexplored compared to neural networks. In this work, we present the first robust watermarking framework tailored to GBDT models, utilizing in-place fine-tuning to embed imperceptible and resilient watermarks. We propose four embedding strategies, each designed to minimize impact on model accuracy while ensuring watermark robustness. Through experiments across diverse datasets, we demonstrate that our methods achieve high watermark embedding rates, low accuracy degradation, and strong resistance to post-deployment fine-tuning.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
Taxonomy
TopicsAdversarial Robustness in Machine Learning · Advanced Neural Network Applications · Generative Adversarial Networks and Image Synthesis