Watermarking Protocol for Deep Neural Network Ownership Regulation in Federated Learning

Abstract

With the wide application of deep learning models, it is important to verify an author’s possession over a deep neural network model by watermarks and protect the model. The development of distributed learning paradigms such as federated learning raises new challenges for model protection. Each author should be able to conduct independent verification and trace traitors. To meet those requirements, we propose a watermarking protocol, Merkle-Sign to meet the prerequisites for ownership verification in federated learning. Our work paves the way for generalizing watermark as a practical security mechanism for protecting deep learning models in distributed learning platforms.