IPCert: Provably Robust Intellectual Property Protection for Machine Learning

Zhengyuan Jiang, Minghong Fang, Neil Zhenqiang Gong; Proceedings of the IEEE/CVF International Conference on Computer Vision (ICCV) Workshops, 2023, pp. 3612-3621

Abstract

Watermarking and fingerprinting are two popular methods for protecting the intellectual property (IP) of a machine learning model: a model owner can use them to detect whether a given model is a stolen version of its own. Robustness against perturbations added to a model is a key desired property of such IP protection methods, since a thief can modify a stolen model's parameters (e.g., by adding noise) before deploying it. In this work, we first show that existing IP protection methods are not as robust against model perturbations in the worst case as previously thought. Second, we propose a randomized smoothing based framework that makes a watermarking or fingerprinting method provably robust against model perturbations. However, a straightforward application of randomized smoothing achieves suboptimal provable robustness. To address this challenge, we propose optimization strategies that enhance the provable robustness. We evaluate our framework on multiple datasets to demonstrate its provable robustness.
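The two claims in the abstract (a deterministic verifier can be flipped by a tiny worst-case parameter edit, and smoothing the verifier over random parameter noise yields a certified perturbation radius) can be illustrated with a toy model. The following is an added example, not code from the paper or its authors, and it does not reproduce IPCert's construction or its optimization strategies. Its assumptions, all hypothetical: the "model" is a flat parameter vector, the fingerprint is the sign pattern of the owner's parameters, the base verifier accepts when at least 90% of signs agree, and the certificate is the standard Gaussian randomized-smoothing bound (radius = sigma * Phi^{-1}(p_lower), Cohen et al. 2019) with a Hoeffding lower confidence bound on the vote rate. All parameters and the sample models are constructed inline.

```python
"""Toy randomized smoothing of a fingerprint verifier over model parameters.

Added illustration, not the paper's method. Assumptions (hypothetical): a model
is a flat parameter vector, the fingerprint is the owner's sign pattern, the base
verifier accepts at >= 90% sign agreement, and the certificate is the Gaussian
randomized-smoothing L2 bound with a Hoeffding lower confidence bound.
"""
import math
import random
from statistics import NormalDist
from typing import List, NamedTuple, Optional

Vector = List[float]


def sign_bits(params: Vector) -> List[int]:
    return [1 if w >= 0 else 0 for w in params]


def base_verifier(params: Vector, fingerprint: List[int], threshold: float = 0.9) -> bool:
    """Deterministic check: 'stolen' iff enough sign bits agree with the fingerprint."""
    agree = sum(a == b for a, b in zip(sign_bits(params), fingerprint))
    return agree >= math.ceil(threshold * len(fingerprint))


def worst_case_perturbation(params: Vector, fingerprint: List[int]) -> Vector:
    """Smallest-norm targeted edit against the base verifier: push the agreeing
    coordinate closest to zero just past zero so its sign bit flips."""
    bits = sign_bits(params)
    agreeing = [i for i, (a, b) in enumerate(zip(bits, fingerprint)) if a == b]
    delta = [0.0] * len(params)
    if not agreeing:
        return delta
    idx = min(agreeing, key=lambda i: abs(params[i]))
    delta[idx] = -params[idx] - (1e-6 if params[idx] >= 0 else -1e-6)
    return delta


def l2_norm(v: Vector) -> float:
    return math.sqrt(sum(x * x for x in v))


def add(a: Vector, b: Vector) -> Vector:
    return [x + y for x, y in zip(a, b)]


class Certificate(NamedTuple):
    decision: Optional[bool]  # None means the smoothed verifier abstains
    radius: float             # certified L2 radius in parameter space (0.0 on abstain)
    p_lower: float            # lower confidence bound on the majority vote rate


def smoothed_verifier(params: Vector, fingerprint: List[int], sigma: float = 0.2,
                      n: int = 1000, alpha: float = 1e-4, seed: int = 0) -> Certificate:
    """Majority vote of the base verifier over n Gaussian parameter perturbations.
    If the majority class's vote rate is provably above 1/2, the smoothed decision
    is constant for every perturbation of L2 norm < sigma * Phi^{-1}(p_lower)."""
    rng = random.Random(seed)
    votes = 0
    for _ in range(n):
        noisy = [w + rng.gauss(0.0, sigma) for w in params]
        votes += base_verifier(noisy, fingerprint)
    p_hat = votes / n
    # One-sided Hoeffding bound: true vote rate >= p_lower with prob >= 1 - alpha.
    margin = math.sqrt(math.log(1.0 / alpha) / (2.0 * n))
    top = p_hat >= 0.5
    p_lower = (p_hat if top else 1.0 - p_hat) - margin
    if p_lower <= 0.5:
        return Certificate(None, 0.0, p_lower)
    return Certificate(top, sigma * NormalDist().inv_cdf(p_lower), p_lower)


def make_owner_model(dim: int = 64, seed: int = 1) -> Vector:
    """Constructed sample model: random signs, magnitudes well above the noise."""
    rng = random.Random(seed)
    return [rng.choice((-1, 1)) * rng.uniform(0.6, 1.4) for _ in range(dim)]


def make_borderline_copy(owner: Vector, threshold: float = 0.9) -> Vector:
    """Stolen copy sitting exactly on the base verifier's decision boundary:
    exactly ceil(threshold * dim) signs agree, and one agreeing weight is tiny."""
    need = math.ceil(threshold * len(owner))
    copy = list(owner)
    for i in range(need, len(owner)):  # break agreement on the remaining coordinates
        copy[i] = -copy[i]
    copy[0] = 0.001 if owner[0] >= 0 else -0.001
    return copy


if __name__ == "__main__":
    owner = make_owner_model()
    fp = sign_bits(owner)
    border = make_borderline_copy(owner)
    delta = worst_case_perturbation(border, fp)
    print("base verdict on borderline copy:", base_verifier(border, fp))
    print("after worst-case edit of L2 norm %.4f:" % l2_norm(delta),
          base_verifier(add(border, delta), fp))
    print("smoothed verdict on borderline copy:", smoothed_verifier(border, fp))
    print("smoothed verdict on exact copy:", smoothed_verifier(owner, fp))
    print("smoothed verdict on unrelated model:", smoothed_verifier(make_owner_model(seed=2), fp))
```

The borderline copy passes the deterministic check, yet an edit of L2 norm about 0.001 on a single weight flips the verdict; the smoothed verifier abstains on that copy instead of giving a brittle "stolen", and on an exact copy it certifies a radius of roughly 0.3 (with sigma = 0.2), inside which no parameter perturbation, adversarial or not, changes its decision (up to the confidence level alpha). The abstract's point about suboptimal provable robustness shows up here as the trade-off in sigma: larger noise certifies a larger radius only as long as the base verifier still votes consistently under that noise.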

Related Material

[pdf] [supp]
[bibtex]
@InProceedings{Jiang_2023_ICCV,
  author    = {Jiang, Zhengyuan and Fang, Minghong and Gong, Neil Zhenqiang},
  title     = {IPCert: Provably Robust Intellectual Property Protection for Machine Learning},
  booktitle = {Proceedings of the IEEE/CVF International Conference on Computer Vision (ICCV) Workshops},
  month     = {October},
  year      = {2023},
  pages     = {3612-3621}
}