IEEE Access (Jan 2024)

Enhancing Security of Proof-of-Learning Against Spoofing Attacks Using Feature-Based Model Watermarking

  • Ozgur Ural,
  • Kenji Yoshigoe

DOI
https://doi.org/10.1109/ACCESS.2024.3489776
Journal volume & issue
Vol. 12
pp. 169567 – 169591

Abstract

Read online

The rapid advancement of machine learning (ML) technologies necessitates robust security frameworks to protect the integrity of ML model training processes. Proof-of-Learning (PoL) is a critical method for verifying the computational effort in training ML models, while model watermarking is a strategy for asserting model ownership. This research integrates PoL with feature-based model watermarking, embedding the watermark directly into the model’s features or parameters. This integration mitigates security risks associated with external key management and reduces computational overhead by eliminating the need for complex verification procedures. Our proposed dual-layered verification architecture embeds unique watermarks during the training phase. It records them alongside PoL proofs, enhancing security against sophisticated spoofing attacks where adversaries attempt to mimic a model’s computational trajectory and watermark. This approach addresses critical challenges, including maintaining watermark robustness and balancing security with model performance. Through a comprehensive analysis, we identify vulnerabilities in existing PoL systems and demonstrate how feature-based watermarking can enhance security. We present a secure PoL mechanism, supported by empirical validation, that significantly improves resilience to spoofing attacks. This advancement represents a crucial step towards securing ML models, paving the way for future research to protect diverse ML applications from various threats.

Keywords