DOI: 10.1145/3651671.3651710

FedMCT: A Federated Framework for Intellectual Property Protection and Malicious Client Tracking

Published: 07 June 2024

Abstract

In the era of big data, federated learning (FL) emerges as a solution to train models collectively without exposing individual data, maintaining similar accuracy to models trained on shared datasets. However, challenges arise with the advent of privacy inference attacks and model theft, posing significant threats to the privacy of FL models, especially regarding intellectual property (IP) protection. This paper introduces FedMCT (Federated Malicious Client Tracking), a novel framework addressing these challenges in the FL context. The FedMCT framework is a new approach to protect IP rights of FL clients and track cheaters, which can improve efficiency in resource-heterogeneous environments. By embedding unique watermarks or fingerprints in Deep Neural Network (DNN) models, we can protect model IP. We employ a configuration round before watermark embedding, segmenting clients based on performance for tiered model watermarking. We also propose a tiered watermarking and traitor tracking mechanism, which reduces the tracking time and ensures high traitor tracking efficiency. Extensive experiments validate our solution’s efficacy in maintaining original model performance, watermark privacy, and detectability, robust against various attacks, demonstrating superior traitor tracing efficiency compared to existing frameworks.

Cited By

  • (2024) Experimental Evaluation of a Secured Privacy Preservation Scheme using IP Traceback Logic in Wireless Sensor Networks. 2024 5th International Conference on Smart Electronics and Communication (ICOSEC), 607–613. DOI: 10.1109/ICOSEC61587.2024.10722428. Online publication date: 18-Sep-2024

    Published In

    ICMLC '24: Proceedings of the 2024 16th International Conference on Machine Learning and Computing
    February 2024
    757 pages
    ISBN: 9798400709234
    DOI: 10.1145/3651671

    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Author Tags

    1. Federated learning
    2. ownership verification
    3. resource heterogeneity
    4. traceability

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    ICMLC 2024

    Article Metrics

    • Downloads (Last 12 months): 62
    • Downloads (Last 6 weeks): 15
    Reflects downloads up to 05 Feb 2025
