Protecting artificial intelligence IPs
a survey of watermarking and fingerprinting for machine learning
Francesco Regazzoni (ALaRI - USI, Lugano, Vrije Universiteit Amsterdam)
Paolo Palmieri (Cork Constraint Computation Centre)
Fethulah Smailbegovic (TU Delft - Computer Engineering)
Rosario Cammarota (Intel Labs)
Ilia Polian (University of Stuttgart)
More Info
expand_more
Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.
Abstract
Artificial intelligence (AI) algorithms achieve outstanding results in many application domains such as computer vision and natural language processing. The performance of AI models is the outcome of complex and costly model architecture design and training processes. Hence, it is paramount for model owners to protect their AI models from piracy – model cloning, illegitimate distribution and use. IP protection mechanisms have been applied to AI models, and in particular to deep neural networks, to verify the model ownership. State-of-the-art AI model ownership protection techniques have been surveyed. The pros and cons of AI model ownership protection have been reported. The majority of previous works are focused on watermarking, while more advanced methods such fingerprinting and attestation are promising but not yet explored in depth. This study has been concluded by discussing possible research directions in the area.