Protecting artificial intelligence IPs: a survey of watermarking and fingerprinting for machine learning

Francesco Regazzoni; Paolo Palmieri; Fethulah Smailbegovic; Rosario Cammarota; Ilia Polian

doi:10.1049/cit2.12029

Protecting artificial intelligence IPs: a survey of watermarking and fingerprinting for machine learning

Francesco Regazzoni^*, Paolo Palmieri, Fethulah Smailbegovic, Rosario Cammarota, Ilia Polian

^*Corresponding author for this work

Computer Engineering

Research output: Contribution to journal › Review article › peer-review

11 Citations (Scopus)

268 Downloads (Pure)

Abstract

Artificial intelligence (AI) algorithms achieve outstanding results in many application domains such as computer vision and natural language processing. The performance of AI models is the outcome of complex and costly model architecture design and training processes. Hence, it is paramount for model owners to protect their AI models from piracy – model cloning, illegitimate distribution and use. IP protection mechanisms have been applied to AI models, and in particular to deep neural networks, to verify the model ownership. State-of-the-art AI model ownership protection techniques have been surveyed. The pros and cons of AI model ownership protection have been reported. The majority of previous works are focused on watermarking, while more advanced methods such fingerprinting and attestation are promising but not yet explored in depth. This study has been concluded by discussing possible research directions in the area.

Original language	English
Pages (from-to)	180-191
Number of pages	12
Journal	CAAI Transactions on Intelligence Technology
Volume	6
Issue number	2
DOIs	https://doi.org/10.1049/cit2.12029
Publication status	Published - 2021

Access to Document

10.1049/cit2.12029

cit2.12029Final published version, 434 KB

Cite this

@article{d183a3f32c324f07b2e5803627acaa89,

title = "Protecting artificial intelligence IPs: a survey of watermarking and fingerprinting for machine learning",

abstract = "Artificial intelligence (AI) algorithms achieve outstanding results in many application domains such as computer vision and natural language processing. The performance of AI models is the outcome of complex and costly model architecture design and training processes. Hence, it is paramount for model owners to protect their AI models from piracy – model cloning, illegitimate distribution and use. IP protection mechanisms have been applied to AI models, and in particular to deep neural networks, to verify the model ownership. State-of-the-art AI model ownership protection techniques have been surveyed. The pros and cons of AI model ownership protection have been reported. The majority of previous works are focused on watermarking, while more advanced methods such fingerprinting and attestation are promising but not yet explored in depth. This study has been concluded by discussing possible research directions in the area.",

author = "Francesco Regazzoni and Paolo Palmieri and Fethulah Smailbegovic and Rosario Cammarota and Ilia Polian",

year = "2021",

doi = "10.1049/cit2.12029",

language = "English",

volume = "6",

pages = "180--191",

journal = "CAAI Transactions on Intelligence Technology",

issn = "2468-6557",

publisher = "Institution of Engineering and Technology",

number = "2",

}

TY - JOUR

T1 - Protecting artificial intelligence IPs

T2 - a survey of watermarking and fingerprinting for machine learning

AU - Regazzoni, Francesco

AU - Palmieri, Paolo

AU - Smailbegovic, Fethulah

AU - Cammarota, Rosario

AU - Polian, Ilia

PY - 2021

Y1 - 2021

N2 - Artificial intelligence (AI) algorithms achieve outstanding results in many application domains such as computer vision and natural language processing. The performance of AI models is the outcome of complex and costly model architecture design and training processes. Hence, it is paramount for model owners to protect their AI models from piracy – model cloning, illegitimate distribution and use. IP protection mechanisms have been applied to AI models, and in particular to deep neural networks, to verify the model ownership. State-of-the-art AI model ownership protection techniques have been surveyed. The pros and cons of AI model ownership protection have been reported. The majority of previous works are focused on watermarking, while more advanced methods such fingerprinting and attestation are promising but not yet explored in depth. This study has been concluded by discussing possible research directions in the area.

AB - Artificial intelligence (AI) algorithms achieve outstanding results in many application domains such as computer vision and natural language processing. The performance of AI models is the outcome of complex and costly model architecture design and training processes. Hence, it is paramount for model owners to protect their AI models from piracy – model cloning, illegitimate distribution and use. IP protection mechanisms have been applied to AI models, and in particular to deep neural networks, to verify the model ownership. State-of-the-art AI model ownership protection techniques have been surveyed. The pros and cons of AI model ownership protection have been reported. The majority of previous works are focused on watermarking, while more advanced methods such fingerprinting and attestation are promising but not yet explored in depth. This study has been concluded by discussing possible research directions in the area.

UR - http://www.scopus.com/inward/record.url?scp=85103546968&partnerID=8YFLogxK

U2 - 10.1049/cit2.12029

DO - 10.1049/cit2.12029

M3 - Review article

AN - SCOPUS:85103546968

SN - 2468-6557

VL - 6

SP - 180

EP - 191

JO - CAAI Transactions on Intelligence Technology

JF - CAAI Transactions on Intelligence Technology

IS - 2

ER -

Protecting artificial intelligence IPs: a survey of watermarking and fingerprinting for machine learning

Abstract

Access to Document

Other files and links

Fingerprint

Cite this