Protecting artificial intelligence IPs

a survey of watermarking and fingerprinting for machine learning

Review (2021)

Authors

Francesco Regazzoni Vrije Universiteit Amsterdam, ALaRI - USI, Lugano
Paolo Palmieri Cork Constraint Computation Centre
F. Smailbegovic Computer Engineering - EEMCS
Rosario Cammarota Intel Labs
Ilia Polian University of Stuttgart
Research Group
Computer Engineering (EEMCS) (TU Delft)
Copyright: © 2021 Francesco Regazzoni, Paolo Palmieri, F. Smailbegovic, Rosario Cammarota, Ilia Polian
DOI
help_outline
https://doi.org/10.1049/cit2.12029
More Info
expand_more

Published Date

2021

Language

English

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Faculty

Electrical Engineering, Mathematics and Computer Science

Department

Quantum & Computer Engineering

Research Group

Computer Engineering

Abstract

Artificial intelligence (AI) algorithms achieve outstanding results in many application domains such as computer vision and natural language processing. The performance of AI models is the outcome of complex and costly model architecture design and training processes. Hence, it is paramount for model owners to protect their AI models from piracy – model cloning, illegitimate distribution and use. IP protection mechanisms have been applied to AI models, and in particular to deep neural networks, to verify the model ownership. State-of-the-art AI model ownership protection techniques have been surveyed. The pros and cons of AI model ownership protection have been reported. The majority of previous works are focused on watermarking, while more advanced methods such fingerprinting and attestation are promising but not yet explored in depth. This study has been concluded by discussing possible research directions in the area.

Files

Cit2.12029.pdf
(.pdf | 0.565 Mb)