VeriChroma: Ownership Verification for Federated Models via RGB Filters

  • Conference paper
Euro-Par 2024: Parallel Processing (Euro-Par 2024)

Abstract

The rapid evolution of artificial intelligence (AI), especially in deep learning, is significantly driven by big data. However, the intensive resources required for training deep neural networks (DNN) highlight the urgent need for effective model protection and ownership verification. Current neural network watermarking methods fall short in federated learning contexts. This paper introduces VeriChroma, an innovative framework crafted to secure DNN models and affirm ownership within such environments. VeriChroma enables clients to embed and verify private ID-based watermarks independently, ensuring straightforward ownership claims. Through strategic image blocking and positional mapping, it overcomes conflicts between client constraints, ensuring tailored watermark integration. Furthermore, VeriChroma utilizes RGB filters for watermark triggers, bolstering both the robustness and stealth of the watermarking process. Our findings underscore VeriChroma’s effectiveness and practicality, showcasing its potential to enhance DNN model security, resolve federated learning disputes, and provide secure, unobtrusive watermarking, marking a significant advancement in federated learning security and intellectual property rights protection.

Author information

Correspondence to Songfeng Lu.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Nie, H., Lu, S., Wang, M., Xiao, J., Lu, Z., Yi, Z. (2024). VeriChroma: Ownership Verification for Federated Models via RGB Filters. In: Carretero, J., Shende, S., Garcia-Blas, J., Brandic, I., Olcoz, K., Schreiber, M. (eds) Euro-Par 2024: Parallel Processing. Euro-Par 2024. Lecture Notes in Computer Science, vol 14802. Springer, Cham. https://doi.org/10.1007/978-3-031-69766-1_23

  • DOI: https://doi.org/10.1007/978-3-031-69766-1_23

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-69765-4

  • Online ISBN: 978-3-031-69766-1

  • eBook Packages: Computer Science (R0)
