TY - GEN
T1 - A Joint Client-Server Watermarking Framework for Federated Learning
AU - Fang, Shufen
AU - Gai, Keke
AU - Yu, Jing
N1 - Publisher Copyright:
© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2024.
PY - 2024
Y1 - 2024
N2 - Federated Learning is a distributed machine learning framework based on the principle of coordinating clients to train models on their private datasets through a centralized server without direct data exchange. It mitigates data privacy risks and improves efficiency, but the risk of model theft, model plagiarism, and unauthorized distribution by adversaries remains. Watermarking is a well-known paradigm used to counter these issues. It protects model intellectual property by providing proof that a violation has occurred. Some recent studies have focused on embedding watermarks on either the client or the server side alone. However, in reality, both the server and the clients have ownership of the model. In this paper, we propose a joint client-server watermark embedding framework to protect the intellectual property of both sides. A white-box watermark is embedded on the client side and a black-box watermark on the server side. Clients and the server can verify their embedded watermarks independently to claim ownership of the model. In addition, we employ continual learning to address the catastrophic forgetting issue. Our experimental results demonstrate that our proposed method can effectively deal with classical watermark removal attacks and is compatible with Differential Privacy.
AB - Federated Learning is a distributed machine learning framework based on the principle of coordinating clients to train models on their private datasets through a centralized server without direct data exchange. It mitigates data privacy risks and improves efficiency, but the risk of model theft, model plagiarism, and unauthorized distribution by adversaries remains. Watermarking is a well-known paradigm used to counter these issues. It protects model intellectual property by providing proof that a violation has occurred. Some recent studies have focused on embedding watermarks on either the client or the server side alone. However, in reality, both the server and the clients have ownership of the model. In this paper, we propose a joint client-server watermark embedding framework to protect the intellectual property of both sides. A white-box watermark is embedded on the client side and a black-box watermark on the server side. Clients and the server can verify their embedded watermarks independently to claim ownership of the model. In addition, we employ continual learning to address the catastrophic forgetting issue. Our experimental results demonstrate that our proposed method can effectively deal with classical watermark removal attacks and is compatible with Differential Privacy.
KW - Federated Learning
KW - Intellectual Property Protection
KW - Watermarking
UR - https://www.scopus.com/pages/publications/85206216547
U2 - 10.1007/978-981-97-5501-1_32
DO - 10.1007/978-981-97-5501-1_32
M3 - Conference contribution
AN - SCOPUS:85206216547
SN - 9789819755004
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 424
EP - 436
BT - Knowledge Science, Engineering and Management - 17th International Conference, KSEM 2024, Proceedings
A2 - Cao, Cungeng
A2 - Chen, Huajun
A2 - Zhao, Liang
A2 - Arshad, Junaid
A2 - Wang, Yonghao
A2 - Asyhari, Taufiq
PB - Springer Science and Business Media Deutschland GmbH
T2 - 17th International Conference on Knowledge Science, Engineering and Management, KSEM 2024
Y2 - 16 August 2024 through 18 August 2024
ER -