Conference papers

Yes We can: Watermarking machine learning models beyond classification

Abstract: Since machine learning models have become a valuable asset for companies, watermarking techniques have been developed to protect the intellectual property of these models and prevent model theft. We observe that current watermarking frameworks solely target image classification tasks, neglecting a considerable part of machine learning techniques. In this paper, we propose to address this lack and study the watermarking process of various machine learning techniques such as machine translation, regression, binary image classification and reinforcement learning models. We adapt current definitions to each specific technique and we evaluate the main characteristics of the watermarking process, in particular the robustness of the models against a rational adversary. We show that watermarking models beyond classification is possible while preserving their overall performance. We further investigate various attacks and discuss the importance of the performance metric in the verification process and its impact on the success of the adversary.
https://hal.archives-ouvertes.fr/hal-03220793
Contributor: Centre De Documentation Eurecom
Submitted on: Monday, February 7, 2022 - 11:45:57 AM
Last modification on: Friday, February 18, 2022 - 3:49:41 PM
Long-term archiving on: Sunday, May 8, 2022 - 6:35:29 PM

File

publi-6532.pdf
Files produced by the author(s)

Citation

Lounici Sofiane, Mohamed Njeh, Orhan Ermis, Melek Önen, Slim Trabelsi. Yes We can: Watermarking machine learning models beyond classification. CFS 2021, 34th IEEE Computer Security Foundations Symposium, Jun 2021, Dubrovnik, Croatia. ⟨10.1109/CSF51468.2021.00044⟩. ⟨hal-03220793⟩

Metrics

Record views: 76

Files downloads: 41