The MPAI 2022 Calls for Technologies – Part 3 (Neural Network Watermarking)
Research, personnel, training and processing can bring the development costs of a neural network anywhere from a few thousand to a few hundreds of thousand dollars. Therefore, the AI industry needs a technology to ensure traceability and integrity not only of a neural network, but also of the content generated by it (so-called inference). The content industry facing a?similar problem, has used watermarking to?imperceptibly?and?persistently?insert a payload carrying,?e.g.,?owner ID, timestamp, etc. to signal the ownership of a content item. Watermarking can also be used by the AI industry.
The general requirements for using watermarking in neural networks are:
- The techniques shall not affect the performance of the neural network.
- The payload shall be recoverable even if the content was modified.
MPAI has classified the cases of watermarking use as follows:
- Identification of actors (i.e., neural network owner, customer, and end-user).
- Identification of the neural network model.
- Detecting the modification of a neural network.
This classification is depicted in Figure 1 and concerns the use of watermarking technologies in neural networks and is independent of the intended use.
Figure 1 – Classification of neural network watermarking uses
MPAI has identified the need for a standard – code name MPAI-NNW – enabling users to measure the performance of the following component of a watermarking technology:
- The ability of a watermark?inserter?to inject a payload without deteriorating the performance of the Neural Network.
- The ability of a?watermark?detector?to ascertain the presence and of a watermark?decoder?to retrieve the payload of the inserted watermark when applied to:
- A modified watermarked network (e.g., by transfer learning or pruning).
- An inference of the modified model.
- The computational cost (e.g., execution time) of a watermark?inserter?to inject a payload, a?watermark?detector/decoder?to detect/decode a payload from a watermarked model or from any of its inferences.
Figure 2 depicts the three watermarking components covered by MPAI-NNW.
Figure 2 – The three areas to be covered by MPAI-NNW
领英推è
MPAI has issued a Call to acquire the technologies for use in the standard. The list below is a subset of the requests contained in the call:
Use cases
- Comments on use cases.
Impact of the watermark on performance
- List of Tasks to be performed by the Neural Network (g.?classification task, speech generation, video encoding, …).
- Methods to measure the quality of the inference produced (g.?precision, recall, subjective quality evaluation, PSNR, …).
Detection/Decoding capability
- List of potential modifications that a watermark shall be robust against (g.?pruning, fine-tuning, …).
- Parameters and ranges of proposed modifications.
- Methods to evaluate the differences between the original and retrieved watermarks (g.,?Symbol Error Rate).
Processing cost
- Specification of the testing environments.
- Specification of the values characterizing the processing of Neural Networks.
Below are a few useful links for those wishing to know more about the MPAI-NNW Call for Technologies and how to respond to it:
- 1’30�video?(YouTube?and?non YouTube) illustrating functional requirements of MPAI-NNW V1.
- slides?presented at the online meeting on 2022/07/12.
- video registration of the online presentation (Youtube,?non-YouTube) made at that 12 July presentation
- Call for Technologies,?Use Cases and Functional Requirements,?Framework Licence?and?MPAI-NNW Template for responses.
The?MPAI secretariat?shall receive the responses to the MPAI-NNW Call for Technologies by 2022 October