Outsourcing complex Machine Learning (ML) models to cloud services has grown strongly over the past years, since it lowers the cost of producing, maintaining, and processing data. Training ML models, however, usually requires vast amounts of data and computational resources. ML models are therefore valuable assets, and sharing them carries the risk of intellectual property theft.
Watermarking and fingerprinting are approaches for protecting ownership of various kinds of digital property, including the assets of the ML process: various types of data and the ML models themselves. By embedding a mark into a digital object, these methods let owners share the object in its full form while retaining the ability to claim ownership and/or to trace recipients. One of the most important requirements for such techniques is robustness, i.e. the marks should not be easily altered or removed, whether by malicious attacks or by benign alteration of the object (for a model, e.g. fine-tuning or pruning). Secondly, the perceptibility of the marks should be minimized, both to make them harder to target and to preserve the utility of the marked object.
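As an added example (not part of the talk or the speaker's material), the following pure-Python toy shows one way such a mark is embedded and checked: a white-box weight watermark in the style of regularizer-based schemes, where the bits of the mark are written into the signs of secret random projections of a model's weight vector. The model is a logistic-regression classifier trained on constructed synthetic data; the key, the mark, the seeds, the acceptance threshold and the pruning step are all assumptions of this example. It exercises the properties described above: the owner reads the mark back with the key, the mark survives a benign alteration (magnitude pruning), and a model that was never marked, or an extractor holding the wrong key, agrees with the mark only at chance rate.

```python
import math
import random

D = 48                  # number of weights of the toy model (a linear classifier)
T = 12                  # watermark length in bits; T <= D keeps the constraints feasible
BER_THRESHOLD = 1 / T   # accept an ownership claim if at most one bit reads back wrong

def dot(a, b):
    return sum(x * y for x, y in zip(a, b))

def sigmoid(z):
    """Numerically stable logistic function."""
    if z >= 0:
        return 1.0 / (1.0 + math.exp(-z))
    e = math.exp(z)
    return e / (1.0 + e)

def make_dataset(seed, n):
    """Constructed synthetic data: labels follow a hidden linear rule plus noise."""
    rng = random.Random(seed)
    hidden_w = [rng.gauss(0, 1) for _ in range(D)]
    xs, ys = [], []
    for _ in range(n):
        x = [rng.gauss(0, 1) for _ in range(D)]
        xs.append(x)
        ys.append(1 if dot(x, hidden_w) + rng.gauss(0, 0.5) > 0 else 0)
    return xs, ys

def make_key(secret):
    """Owner's secret key: T random projection vectors derived from a secret seed."""
    rng = random.Random(secret)
    return [[rng.gauss(0, 1) for _ in range(D)] for _ in range(T)]

def train(xs, ys, key=None, mark=None, lam=2.0, lr=0.15, epochs=300):
    """Full-batch gradient descent on the logistic loss. When key and mark are
    given, the loss gains lam * mean_k BCE(sigmoid(key_k . w), mark_k), which
    drives the sign of each secret projection of w to the matching mark bit."""
    n = len(xs)
    w = [0.0] * D
    for _ in range(epochs):
        grad = [0.0] * D
        for x, y in zip(xs, ys):
            err = (sigmoid(dot(x, w)) - y) / n
            grad = [g + err * xj for g, xj in zip(grad, x)]
        if key is not None:
            for xk, bk in zip(key, mark):
                err = lam * (sigmoid(dot(xk, w)) - bk) / T
                grad = [g + err * xj for g, xj in zip(grad, xk)]
        w = [wj - lr * gj for wj, gj in zip(w, grad)]
    return w

def accuracy(w, xs, ys):
    return sum((dot(x, w) > 0) == (y == 1) for x, y in zip(xs, ys)) / len(xs)

def extract_mark(w, key):
    """White-box extraction: the sign of each secret projection is one bit."""
    return [1 if dot(xk, w) > 0 else 0 for xk in key]

def bit_error_rate(w, key, mark):
    return sum(a != b for a, b in zip(extract_mark(w, key), mark)) / T

def verify_ownership(w, key, mark):
    return bit_error_rate(w, key, mark) <= BER_THRESHOLD

def prune(w, fraction=0.2):
    """Benign alteration: magnitude pruning, zeroing the smallest weights."""
    k = int(len(w) * fraction)
    zeroed = set(sorted(range(len(w)), key=lambda j: abs(w[j]))[:k])
    return [0.0 if j in zeroed else wj for j, wj in enumerate(w)]

def run_demo():
    xs, ys = make_dataset(seed=1, n=480)
    tr_x, tr_y, te_x, te_y = xs[:240], ys[:240], xs[240:], ys[240:]
    key = make_key("owner-secret")                   # assumed owner secret
    rng = random.Random(42)
    mark = [rng.randrange(2) for _ in range(T)]      # assumed 12-bit mark
    plain = train(tr_x, tr_y)                        # same task, never watermarked
    marked = train(tr_x, tr_y, key, mark)            # watermarked model
    return {
        "acc_plain": accuracy(plain, te_x, te_y),
        "acc_marked": accuracy(marked, te_x, te_y),
        "ber_marked": bit_error_rate(marked, key, mark),
        "ber_pruned": bit_error_rate(prune(marked), key, mark),
        "ber_plain": bit_error_rate(plain, key, mark),   # unrelated model, right key
        "ber_wrong_key": bit_error_rate(marked, make_key("wrong-guess"), mark),
        "claim_after_pruning": verify_ownership(prune(marked), key, mark),
    }

if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name:20s} {value}")
```

Running `run_demo()` reports the test accuracy of the plain and the watermarked model, the bit error rate (BER) of extraction in each scenario, and the ownership decision after pruning. With 12 bits and a one-bit tolerance, an unrelated model or a wrong key passes the check by chance with probability 13/4096, about 0.3%; real schemes use far longer marks, which is what makes the chance match negligible. In a 48-weight toy the accuracy cost of the mark is visible, because the projections of the secret key cannot be separated from the task's own weight directions; this is exactly the perceptibility-versus-robustness trade-off named above, and a tighter acceptance threshold or a longer mark raises the cost further.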
In this talk you will learn about state-of-the-art methods for watermarking and fingerprinting ML models, their vulnerabilities, and the challenges of protecting ownership of digital content in the ML process.