Showing 1–1 of 1 results for author: Charette, L

Cosine Model Watermarking Against Ensemble Distillation

Authors: Laurent Charette, Lingyang Chu, Yizhou Chen, Jian Pei, Lanjun Wang, Yong Zhang

Abstract: Many model watermarking methods have been developed to prevent valuable deployed commercial models from being stealthily stolen by model distillations. However, watermarks produced by most existing model watermarking methods can be easily evaded by ensemble distillation, because averaging the outputs of multiple ensembled models can significantly reduce or even erase the watermarks. In this paper,… ▽ More Many model watermarking methods have been developed to prevent valuable deployed commercial models from being stealthily stolen by model distillations. However, watermarks produced by most existing model watermarking methods can be easily evaded by ensemble distillation, because averaging the outputs of multiple ensembled models can significantly reduce or even erase the watermarks. In this paper, we focus on tackling the challenging task of defending against ensemble distillation. We propose a novel watermarking technique named CosWM to achieve outstanding model watermarking performance against ensemble distillation. CosWM is not only elegant in design, but also comes with desirable theoretical guarantees. Our extensive experiments on public data sets demonstrate the excellent performance of CosWM and its advantages over the state-of-the-art baselines. △ Less

Submitted 5 March, 2022; originally announced March 2022.

Comments: Accepted by AAAI 2022 (see https://aaai-2022.virtualchair.net/poster_aaai3921 ) | A python notebook of the case study can be found at https://developer.huaweicloud.com/develop/aigallery/notebook/detail?id=2d937a91-1692-4f88-94ca-82e1ae8d4d79