Watermarking in Secure Federated Learning: A Verification Framework Based on Client-Side Backdooring

Cited by: 0
Authors
Yang, Wenyuan [1]
Shao, Shuo [2]
Yang, Yue [3]
Liu, Xiyao [4]
Liu, Ximeng [5]
Xia, Zhihua [6]
Schaefer, Gerald [7]
Fang, Hui [7]
Affiliations
[1] Sun Yat Sen Univ, 66 Gongchang Rd, Shenzhen 518107, Guangdong, Peoples R China
[2] Zhejiang Univ, 38 Zheda Rd, Hangzhou 310058, Zhejiang, Peoples R China
[3] Shanghai Jiao Tong Univ, 800 Dongchuan Rd, Shanghai 200240, Peoples R China
[4] Cent South Univ, 932 Lushannan Rd, Changsha 410083, Hunan, Peoples R China
[5] Fuzhou Univ, 2 Wulongjiangbei Ave, Fuzhou 350108, Fujian, Peoples R China
[6] Jinan Univ, 601 Huangpu Ave, Guangzhou 510632, Guangdong, Peoples R China
[7] Loughborough Univ, Epinal Way, Loughborough LE11 3TU, Leics, England
Funding
National Natural Science Foundation of China; National Key Research and Development Program of China;
Keywords
Federated learning; copyright protection; digital watermark; client-side backdooring;
DOI
10.1145/3630636
Chinese Library Classification number
TP18 [Artificial intelligence theory];
Subject classification codes
081104; 0812; 0835; 1405;
Abstract
Federated learning (FL) allows multiple participants to collaboratively build deep learning (DL) models without directly sharing data. Consequently, the issue of copyright protection in FL becomes important since unreliable participants may gain access to the jointly trained model. Application of homomorphic encryption (HE) in a secure FL framework prevents the central server from accessing plaintext models. Thus, it is no longer feasible to embed the watermark at the central server using existing watermarking schemes. In this article, we propose a novel client-side FL watermarking scheme to tackle the copyright protection issue in secure FL with HE. To the best of our knowledge, it is the first scheme to embed the watermark to models under a secure FL environment. We design a black-box watermarking scheme based on client-side backdooring to embed a pre-designed trigger set into an FL model by a gradient-enhanced embedding method. Additionally, we propose a trigger set construction mechanism to ensure that the watermark cannot be forged. Experimental results demonstrate that our proposed scheme delivers outstanding protection performance and robustness against various watermark removal attacks and ambiguity attack.
Pages: 25