Can IBM Watermark Neural Networks?

August 8, 2018

Leave it to IBM to figure out how to put their stamp on their AI models. Of course, as with other intellectual property, AI code can be stolen, so this is a welcome development for the field. In the article, “IBM Patenting Watermark Technology to Protect Ownership of AI Models at Neowin, we learn the technology is still in development, and the company hasn’t even implemented it in-house yet. However, if all goes well, the technology may find its way into customer products someday. Writer Usama Jawad reports:

“IBM says that it showcased its research regarding watermarking models developed by deep neural networks (DNNs) at the AsiaCCS ’18 conference, where it was proven to be highly robust. As a result, it is now patenting the concept, which details a remote verification mechanism to determine the ownership of DNN models using simple API calls. The company explains that it has developed three watermark generation algorithms…

These use different methods; specifically:

  • Embedding meaningful content together with the original training data as watermarks into the protected DNNs,
  • Embedding irrelevant data samples as watermarks into the protected DNNs
  • Embedding noise as watermarks into the protected DNNs.

We learned:

“IBM says that in its internal testing using several datasets such as MNIST, a watermarked DNN model triggers an ‘unexpected but controlled response’.”

Jawad notes one drawback as of yet—though the software works well online, it still fails to detect ownership when a model is deployed internally. From another article, “IBM Came Up With a Watermark for Neural Networks” at TheNextWeb, we spotted an  interesting tidbit—Writer Tristan Greene points out a distinct lack of code bloat from the watermark. This is an important factor in neural networks, which can be real resource hogs.

For more information, you may want to see IBM’s blog post on the subject or check out the associated research paper. Beyond Search wonders what smart software developers will use these techniques. Amazon, Facebook, Google, Oracle, Palantir Technologies? Universities with IBM research support may be more likely candidates, but that is, of course, speculation from rural Kentucky.

Cynthia Murrell, August 8, 2018

Comments

One Response to “Can IBM Watermark Neural Networks?”

  1. Terrariumtv on August 11th, 2018 1:42 pm

    Great blog.Thank you very much for sharing

Got something to say?





  • Archives

  • Recent Posts

  • Meta