Reliable Model Watermarking: Defending Against Theft without Compromising on Evasion

arXiv:2404.13518v1 Announce Type: new
Abstract: With the rise of Machine Learning as a Service (MLaaS) platforms,safeguarding the intellectual property of deep learning models is becoming paramount. Among various protective measures, trigger set watermarking has emerged as a flexible and effective strategy for preventing unauthorized model distribution. However, this paper identifies an inherent flaw in the current paradigm of trigger set watermarking: evasion adversaries can readily exploit the shortcuts created by models memorizing watermark samples that deviate from the main task …

arxiv cs.ai cs.cr deep learning defending distribution evasion intellectual property machine machine learning paramount platforms property safeguarding service strategy theft trigger unauthorized watermarking