ml-model-watermarking

Protect your machine learning models easily and securely with watermarking 🔑


Important Notice

This public repository is read-only and no longer maintained.




The concept of digital watermarking has been known for 30 years, mainly for image and audio content. The goal is to insert a unique, hidden and non-removable signal into the original content, to be used as an identifier. If a thief steals the content, the original owner can still prove ownership. ML Model Watermarking offers basic primitives for researchers and machine learning enthusiasts to watermark their models, without requiring advanced knowledge of the underlying concepts.

  • 📖 Watermark models on various tasks, such as image classification or sentiment analysis, compatible with the main machine learning frameworks like Scikit-learn, PyTorch or the HuggingFace library.
  • 🚩 Detect if one of your models has been used without consent.
  • 📈 Integrate the watermark into your pipeline, with a negligible accuracy loss.

Installation

Simply run:

$ pip install .

How to use it

ML Model Watermarking acts as a wrapper for your model, providing a range of watermarking techniques as well as an ownership detection function. After the watermarking phase, you can retrieve your model and save the ownership information.

>>> from mlmodelwatermarking.markface import TrainerWM

>>> trainer = TrainerWM(model=your_model)      # wrap the model to protect
>>> ownership = trainer.watermark()            # embed the watermark; keep this object safe
>>> watermarked_model = trainer.get_model()    # retrieve the watermarked model

Later, it is possible to verify whether a given model has been stolen, based on the ownership information:

>>> from mlmodelwatermarking.marktorch import TrainerWM
>>> from mlmodelwatermarking.verification import verify

>>> trainer = TrainerWM(model=suspect_model, ownership=ownership)  # wrap the suspect model with the saved ownership information
>>> trainer.verify()                                               # compare the watermark score against the threshold
{'is_stolen': True, 'score': 0.88, 'threshold': 0.66}
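To make the watermark/verify workflow above concrete, here is an added, self-contained illustration of the trigger-set ("backdoor") watermark idea from the Adi et al. and Zhang et al. papers listed under References. It is example code written for this page, not the library's own implementation, and the names it uses (`OneNN`, `make_trigger_set`, `chance_threshold`, `watermark`, `verify`, `demo`) are hypothetical; the library's real entry point is the `TrainerWM` API shown above. The owner mixes a secret, key-derived set of out-of-distribution inputs with chosen labels into training, and later verifies ownership by measuring how many of those inputs a suspect model still labels the owner's way, against a threshold derived from what chance agreement would produce.

```python
"""Toy trigger-set (backdoor) watermark and ownership verification.
Example code for this page, not the mlmodelwatermarking library; all names
and data below are constructed for illustration."""
import math
import random
from typing import Dict, List, Sequence, Tuple

Point = Tuple[float, float]


def make_dataset(n_per_class: int = 60, seed: int = 7) -> Tuple[List[Point], List[int]]:
    """Constructed 2-D data: two well-separated clusters, labelled 0 and 1."""
    rng = random.Random(seed)
    xs: List[Point] = []
    ys: List[int] = []
    for label, (cx, cy) in enumerate([(-2.0, -2.0), (2.0, 2.0)]):
        for _ in range(n_per_class):
            xs.append((rng.gauss(cx, 0.6), rng.gauss(cy, 0.6)))
            ys.append(label)
    return xs, ys


class OneNN:
    """1-nearest-neighbour classifier: a stand-in for any model with enough
    capacity to memorise a handful of arbitrarily labelled inputs."""

    def __init__(self) -> None:
        self.xs: List[Point] = []
        self.ys: List[int] = []

    def fit(self, xs: Sequence[Point], ys: Sequence[int]) -> "OneNN":
        self.xs, self.ys = list(xs), list(ys)
        return self

    def predict(self, x: Point) -> int:
        best = min(range(len(self.xs)), key=lambda i: math.dist(self.xs[i], x))
        return self.ys[best]


def make_trigger_set(secret_key: int, n_triggers: int = 20) -> Tuple[List[Point], List[int]]:
    """Out-of-distribution inputs with owner-chosen labels, both derived from a
    secret key. Labels are balanced so that a model predicting one constant class
    on this region scores exactly chance (0.5) instead of 0 or 1."""
    rng = random.Random(secret_key)
    xs = [(rng.uniform(6.0, 7.0), rng.uniform(6.0, 7.0)) for _ in range(n_triggers)]
    ys = [i % 2 for i in range(n_triggers)]
    rng.shuffle(ys)
    return xs, ys


def chance_threshold(n_triggers: int, n_classes: int, false_positive_rate: float = 0.01) -> float:
    """Smallest trigger-agreement fraction that an unrelated model, guessing
    uniformly over n_classes, reaches with probability below false_positive_rate
    (binomial upper tail)."""
    p = 1.0 / n_classes

    def tail(t: int) -> float:  # P(X >= t) for X ~ Binomial(n_triggers, p)
        return sum(math.comb(n_triggers, i) * p ** i * (1 - p) ** (n_triggers - i)
                   for i in range(t, n_triggers + 1))

    for t in range(n_triggers + 1):
        if tail(t) < false_positive_rate:
            return t / n_triggers
    return 1.0


def watermark(train_x: Sequence[Point], train_y: Sequence[int],
              secret_key: int, n_classes: int = 2) -> Tuple[OneNN, Dict]:
    """Train on the real data plus the trigger set; return the model and the
    ownership record the owner must keep private."""
    trig_x, trig_y = make_trigger_set(secret_key)
    model = OneNN().fit(list(train_x) + trig_x, list(train_y) + trig_y)
    ownership = {"inputs": trig_x, "labels": trig_y,
                 "threshold": chance_threshold(len(trig_x), n_classes)}
    return model, ownership


def verify(suspect: OneNN, ownership: Dict) -> Dict:
    """Fraction of trigger inputs the suspect labels the owner's way, compared
    against the chance-derived threshold (same shape as the library's result)."""
    hits = sum(suspect.predict(x) == y for x, y in zip(ownership["inputs"], ownership["labels"]))
    score = hits / len(ownership["inputs"])
    return {"is_stolen": score >= ownership["threshold"], "score": score,
            "threshold": ownership["threshold"]}


def accuracy(model: OneNN, xs: Sequence[Point], ys: Sequence[int]) -> float:
    return sum(model.predict(x) == y for x, y in zip(xs, ys)) / len(xs)


def demo() -> Dict[str, Dict]:
    train_x, train_y = make_dataset(seed=7)
    test_x, test_y = make_dataset(n_per_class=30, seed=99)   # held-out data
    wm_model, ownership = watermark(train_x, train_y, secret_key=0xC0FFEE)  # constructed key
    clean_model = OneNN().fit(train_x, train_y)              # independently trained, no watermark
    return {
        "stolen_copy": verify(wm_model, ownership),          # expected: is_stolen True
        "independent_model": verify(clean_model, ownership), # expected: is_stolen False
        "accuracy": {"watermarked": accuracy(wm_model, test_x, test_y),
                     "clean": accuracy(clean_model, test_x, test_y)},
    }


if __name__ == "__main__":
    import json
    print(json.dumps(demo(), indent=2))
```

The threshold is the part worth keeping in mind when reading the library's `{'is_stolen': ..., 'score': ..., 'threshold': ...}` result: a score only proves something relative to how well an unrelated model would agree with the trigger labels by chance, so the number of triggers and the number of classes both feed into it. The accuracy figures show the "negligible accuracy loss" claim on this toy data, since the triggers live far from the real input distribution.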

References

The library implements several ideas presented in academic papers:

Technique | Supported frameworks (Scikit-learn, PyTorch, HuggingFace)
Adi et al. [1] | ✔️
Zhang et al. [2] | ✔️ ✔️
Gu et al. [3] | ✔️
Merrer et al. [4] | ✔️
Yang et al. [5] | ✔️
Szyller et al. [6] | ✔️ ✔️
Lounici et al. [7] | ✔️ ✔️ ✔️
  1. Turning Your Weakness Into a Strength: Watermarking Deep Neural Networks by Backdooring by Adi et al.
  2. Protecting Intellectual Property of Deep Neural Networks with Watermarking by Zhang et al.
  3. BadNets: Evaluating Backdooring Attacks on Deep Neural Networks by Gu et al.
  4. Adversarial frontier stitching for remote neural network watermarking by Merrer et al.
  5. Rethinking Stealthiness of Backdoor Attack against NLP Models by Yang et al.
  6. DAWN: Dynamic Adversarial Watermarking of Neural Networks by Szyller et al.
  7. Yes We can: Watermarking Machine Learning Models beyond Classification by Lounici et al.

Contributing

We invite your participation to the project through issues and pull requests. Please refer to the Contributing guidelines for how to contribute.

How to obtain support

You can open an issue.

Licensing

Copyright 2020-21 SAP SE or an SAP affiliate company and ml-model-watermarking contributors. Please see our LICENSE for copyright and license information. Detailed information including third-party components and their licensing/copyright information is available via the REUSE tool.