loading
Papers Papers/2022 Papers Papers/2022

Research.Publish.Connect.

Paper

Paper Unlock

Authors: Sofiane Lounici 1 ; Mohamed Njeh 2 ; Orhan Ermis 2 ; Melek Önen 2 and Slim Trabelsi 1

Affiliations: 1 SAP Security Research, France ; 2 EURECOM, France

Keyword(s): Watermarking, Neural Networks, Privacy.

Abstract: With the development of machine learning models for task automation, watermarking appears to be a suitable solution to protect one’s own intellectual property. Indeed, by embedding secret specific markers into the model, the model owner is able to analyze the behavior of any model on these markers, called trigger instances and hence claim its ownership if this is the case. However, in the context of a Machine Learning as a Service (MLaaS) platform where models are available for inference, an attacker could forge such proofs in order to steal the ownership of these watermarked models in order to make a profit out of it. This type of attacks, called watermark forging attacks, is a serious threat against the intellectual property of models owners. Current work provides limited solutions to this problem: They constrain model owners to disclose either their models or their trigger set to a third party. In this paper, we propose counter-measures against watermark forging attacks, in a blac k-box environment and compatible with privacy-preserving machine learning where both the model weights and the inputs could be kept private. We show that our solution successfully prevents two different types of watermark forging attacks with minimalist assumptions regarding either the access to the model’s weight or the content of the trigger set. (More)

CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 3.145.8.139

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Lounici, S.; Njeh, M.; Ermis, O.; Önen, M. and Trabelsi, S. (2021). Preventing Watermark Forging Attacks in a MLaaS Environment. In Proceedings of the 18th International Conference on Security and Cryptography - SECRYPT; ISBN 978-989-758-524-1; ISSN 2184-7711, SciTePress, pages 295-306. DOI: 10.5220/0010560602950306

@conference{secrypt21,
author={Sofiane Lounici. and Mohamed Njeh. and Orhan Ermis. and Melek Önen. and Slim Trabelsi.},
title={Preventing Watermark Forging Attacks in a MLaaS Environment},
booktitle={Proceedings of the 18th International Conference on Security and Cryptography - SECRYPT},
year={2021},
pages={295-306},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010560602950306},
isbn={978-989-758-524-1},
issn={2184-7711},
}

TY - CONF

JO - Proceedings of the 18th International Conference on Security and Cryptography - SECRYPT
TI - Preventing Watermark Forging Attacks in a MLaaS Environment
SN - 978-989-758-524-1
IS - 2184-7711
AU - Lounici, S.
AU - Njeh, M.
AU - Ermis, O.
AU - Önen, M.
AU - Trabelsi, S.
PY - 2021
SP - 295
EP - 306
DO - 10.5220/0010560602950306
PB - SciTePress

- Science and Technology Publications, Lda.
RESOURCES

Proceedings

Papers

Authors

Ontology

CONTACTS

Science and Technology Publications, Lda
Avenida de S. Francisco Xavier, Lote 7 Cv. C,
2900-616 Setúbal, Portugal.

Phone: +351 265 520 185 (National fixed network call)
Fax: +351 265 520 186
Email: info@scitepress.org

EXTERNAL LINKS

PRIMORIS

INSTICC

SCITEVENTS

CROSSREF

PROCEEDINGS SUBMITTED FOR INDEXATION BY:

dblp

Ei Compendex

SCOPUS

Semantic Scholar

Google Scholar

Microsoft Academic