Sakhnovych, Y. (2024). Black-box Model Watermarking in Federated Learning [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2024.120214
E194 - Institut für Information Systems Engineering
Date (published): 2024
Number of Pages: 166
Keywords: Machine Learning; Adversarial Machine Learning; Federated Learning; Intellectual Property Protection; Model Watermarking; Model Inversion
Abstract:
Federated learning allows multiple parties to collaboratively train a model without any individual participant directly revealing its private data. However, sharing the model at various stages of training exposes model owners to risk, particularly from insider threats such as malicious clients who may steal the model. To counter these threats, embedding a watermark in the model allows owners to prove ownership and protect against unauthorized use. This thesis evaluates the effectiveness, fidelity, robustness, and efficiency of state-of-the-art federated black-box watermarking approaches. A key focus is on intermediate models: specifically, how well these models are protected during the training process, and how they can be exploited in watermark removal attacks. Additionally, this work proposes modifications to existing watermarking methods in federated learning to address the identified vulnerabilities.
Additional information:
Thesis not yet received by the library - data not verified. Title differs after translation by the author.