IPCert: Provably Robust Intellectual Property Protection for Machine Learning

Abstract

Watermarking and fingerprinting are two popular methods for protecting the intellectual property (IP) of a machine learning model: a model owner can use either to detect whether a given model is a stolen copy of its own. Robustness against perturbations applied to the model is a key desired property of such IP protection methods. In this work, we first show that existing IP protection methods are not robust against worst-case model perturbations, contrary to what was previously thought. Second, we propose a randomized smoothing based framework that makes a watermarking or fingerprinting method provably robust against model perturbations. However, a straightforward application of randomized smoothing achieves only suboptimal provable robustness. To address this, we propose optimization strategies that enhance the provable robustness. We evaluate our framework on multiple datasets to demonstrate its provable robustness.
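The two points of the abstract, shown on a toy model: a plain fingerprint check that survives random parameter noise but is broken by a small targeted perturbation (the worst case), and the straightforward randomized-smoothing certificate over parameter space that the paper describes as a suboptimal starting point. This is an added example written for this page, not code from the paper or its authors: the linear model, the fingerprint inputs, the all-must-match verification rule, the one-sided Hoeffding confidence bound and the Cohen et al. (2019) style radius sigma * Phi^-1(p_lower) are the editor's choices, not IPCert's construction. Standard library only.

```python
"""Worst-case fragility of a fingerprint check vs. a randomized-smoothing
certificate in parameter space. Added illustration, not IPCert's method.
The model, fingerprints and all constants below are constructed."""
import math
import random
from statistics import NormalDist

# Toy "model": a 2-D linear classifier with no bias, parameters w (constructed).
W_OWNER = (1.0, 1.0)          # the owner's model
W_INDEPENDENT = (-1.0, 0.3)   # an unrelated model that should not verify


def dot(a, b):
    return sum(x * y for x, y in zip(a, b))


def norm(a):
    return math.sqrt(dot(a, a))


def add(a, b):
    return tuple(x + y for x, y in zip(a, b))


def predict(w, x):
    """Label 1 if w.x > 0, else 0."""
    return 1 if dot(w, x) > 0 else 0


# Fingerprint inputs chosen by the owner (constructed); labels are the owner
# model's own outputs. The last input sits only 0.1 from the decision boundary.
FINGERPRINT_INPUTS = [(1.0, 1.0), (-1.0, -1.0), (2.0, 0.5), (-0.5, -2.0),
                      (0.3, 2.0), (-2.0, 0.3), (1.0, -0.9)]
FINGERPRINTS = [(x, predict(W_OWNER, x)) for x in FINGERPRINT_INPUTS]


def base_verify(w):
    """Plain fingerprint check: 1 ("stolen") iff w reproduces every label."""
    return int(all(predict(w, x) == y for x, y in FINGERPRINTS))


def weakest_fingerprint_attack(w, slack=1.01):
    """Smallest parameter perturbation flipping the fingerprint closest to the
    boundary of a linear model: delta = -(w.x / |x|^2) x, scaled by `slack`.
    Closed form only because the toy model is linear; a real attacker would
    search for it."""
    x, _ = min(FINGERPRINTS, key=lambda fp: abs(dot(w, fp[0])) / norm(fp[0]))
    scale = -slack * dot(w, x) / dot(x, x)
    return tuple(scale * xi for xi in x)


def random_direction_flip_rate(w, eps, trials=500, rng=None):
    """Fraction of random perturbations of L2 norm eps that break base_verify.
    This is what an empirical 'add noise and re-check' evaluation measures."""
    rng = random.Random(0) if rng is None else rng
    flips = 0
    for _ in range(trials):
        d = (rng.gauss(0, 1), rng.gauss(0, 1))
        d = tuple(eps * di / norm(d) for di in d)
        flips += base_verify(add(w, d)) == 0
    return flips / trials


def smoothed_verify(w, sigma=0.04, n=4000, alpha=1e-3, rng=None):
    """Randomized smoothing of base_verify over Gaussian parameter noise.
    Returns (verdict, p_lower, radius); verdict is 1, 0 or None (abstain).
    With probability >= 1 - alpha over the sampling, the smoothed verdict is
    unchanged for every perturbation of L2 norm <= radius (binary case of
    Cohen et al. 2019: radius = sigma * Phi^-1(p_lower))."""
    rng = random.Random(0) if rng is None else rng
    hits = 0
    for _ in range(n):
        noise = tuple(rng.gauss(0, sigma) for _ in w)
        hits += base_verify(add(w, noise))
    p_hat = hits / n
    bound = math.sqrt(math.log(1 / alpha) / (2 * n))  # one-sided Hoeffding
    p_lower = p_hat - bound          # lower bound on P[verdict == 1]
    q_lower = (1 - p_hat) - bound    # lower bound on P[verdict == 0]
    nd = NormalDist()
    if p_lower > 0.5:
        return 1, p_lower, sigma * nd.inv_cdf(p_lower)
    if q_lower > 0.5:
        return 0, q_lower, sigma * nd.inv_cdf(q_lower)
    return None, max(p_lower, q_lower), 0.0


if __name__ == "__main__":
    delta = weakest_fingerprint_attack(W_OWNER)
    eps = norm(delta)
    print("base verdict on owner model:", base_verify(W_OWNER))
    print(f"targeted perturbation, norm {eps:.4f}: base verdict",
          base_verify(add(W_OWNER, delta)))
    print(f"random perturbations of the same norm break the check "
          f"{random_direction_flip_rate(W_OWNER, eps):.1%} of the time")
    verdict, p_lo, radius = smoothed_verify(W_OWNER)
    print(f"smoothed verdict={verdict} p_lower={p_lo:.3f} "
          f"certified L2 radius={radius:.4f}")
    print("independent model, smoothed verdict:", smoothed_verify(W_INDEPENDENT)[0])
```

The random-noise experiment reports a flip rate of a few percent for a perturbation norm that the targeted perturbation breaks with certainty, which is the gap between empirical and worst-case robustness the abstract refers to. The certified radius printed by `smoothed_verify` is a guarantee that holds for every direction, including the targeted one, but it is smaller than the toy model's true worst-case radius of 0.1/|x| for the near-boundary fingerprint; closing that gap is what the paper's optimization strategies are about, and nothing here attempts that.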

Cite

Text

Jiang et al. "IPCert: Provably Robust Intellectual Property Protection for Machine Learning." IEEE/CVF International Conference on Computer Vision Workshops, 2023. doi:10.1109/ICCVW60793.2023.00389

Markdown

[Jiang et al. "IPCert: Provably Robust Intellectual Property Protection for Machine Learning." IEEE/CVF International Conference on Computer Vision Workshops, 2023.](https://mlanthology.org/iccvw/2023/jiang2023iccvw-ipcert/) doi:10.1109/ICCVW60793.2023.00389

BibTeX

@inproceedings{jiang2023iccvw-ipcert,
  title     = {{IPCert: Provably Robust Intellectual Property Protection for Machine Learning}},
  author    = {Jiang, Zhengyuan and Fang, Minghong and Gong, Neil Zhenqiang},
  booktitle = {IEEE/CVF International Conference on Computer Vision Workshops},
  year      = {2023},
  pages     = {3614--3623},
  doi       = {10.1109/ICCVW60793.2023.00389},
  url       = {https://mlanthology.org/iccvw/2023/jiang2023iccvw-ipcert/}
}