
ML Model Watermarking

Project description

Protect your machine learning models easily and securely with watermarking :key:


The concept of digital watermarking has been known for about 30 years, mainly for image and audio content. The goal is to embed a unique signal in the original content that is hidden and hard to remove, so that it can serve as an identifier: if someone steals the content, the original owner can still prove ownership. ML Model Watermarking offers basic primitives for researchers and machine learning enthusiasts to watermark their models without advanced knowledge of the underlying concepts.

  • :book: Watermark models for various tasks, such as image classification or sentiment analysis, with support for the main machine learning frameworks: Scikit-learn, PyTorch and the HuggingFace library.
  • :triangular_flag_on_post: Detect whether one of your models has been used without your consent.
  • :chart_with_upwards_trend: Integrate watermarking into your pipeline with a negligible loss of accuracy.

Installation

Simply run:

$ pip install .

How to use it

ML Model Watermarking acts as a wrapper around your model, providing a range of watermarking techniques as well as an ownership verification function. After the watermarking phase, you retrieve the watermarked model and save the ownership information (the secret material needed later to prove ownership).

>>> from mlmodelwatermarking.markface import TrainerWM

>>> trainer = TrainerWM(model=your_model)
>>> ownership = trainer.watermark()
>>> watermarked_model = trainer.get_model()

Later, it is possible to verify whether a given suspect model was derived from yours, based on the saved ownership information:

>>> from mlmodelwatermarking.marktorch import TrainerWM
>>> from mlmodelwatermarking.verification import verify

>>> trainer = TrainerWM(model=suspect_model, ownership=ownership)
>>> trainer.verify()
{'is_stolen': True, 'score': 0.88, 'threshold': 0.66}
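The library's API above hides what the watermark and the verification actually are. The following is an added example, written for this page and not taken from the mlmodelwatermarking library, that walks through the trigger-set (backdoor) scheme of Adi et al. and Zhang et al. end to end: the owner trains on real data plus a secret set of out-of-distribution inputs with labels unrelated to the data, keeps that trigger set as the ownership record, and later queries a suspect model with it. Everything here is an assumption made for the example: a toy 1-nearest-neighbour classifier stands in for the model (its stored examples are its "parameters"), the trigger labels follow a fixed pattern instead of a secret random draw so the numbers are reproducible, and the decision threshold is computed from a binomial tail bound (the rate an independent model guessing each label with probability 1/n_classes would exceed with probability below 0.1%), which is one reasonable choice and not necessarily how the library sets its threshold.

```python
"""Trigger-set watermarking and ownership verification, reduced to a toy
1-NN classifier so it runs offline with the standard library only.
Added example for illustration; this is NOT the mlmodelwatermarking API."""
import math
from typing import Callable, Dict, List, Sequence, Tuple

Point = Tuple[float, float]
Example = Tuple[Point, int]
Model = Callable[[Point], int]


def train_knn(memory: Sequence[Example], k: int = 1) -> Model:
    """A k-NN classifier; its 'parameters' are the stored training examples."""
    def predict(x: Point) -> int:
        nearest = sorted(memory, key=lambda ex: (ex[0][0] - x[0]) ** 2 + (ex[0][1] - x[1]) ** 2)[:k]
        votes: Dict[int, int] = {}
        for _, label in nearest:
            votes[label] = votes.get(label, 0) + 1
        return max(sorted(votes), key=votes.__getitem__)  # ties go to the smallest label
    return predict


def make_training_data() -> List[Example]:
    """Constructed sample data: three 2-D clusters, 20 points each, deterministic jitter."""
    centers = [(0.0, 0.0), (10.0, 0.0), (0.0, 10.0)]
    data: List[Example] = []
    for label, (cx, cy) in enumerate(centers):
        for j in range(20):
            dx = ((j * 7) % 21 - 10) / 10.0   # jitter in [-1, 1]
            dy = ((j * 11) % 21 - 10) / 10.0
            data.append(((cx + dx, cy + dy), label))
    return data


def make_trigger_set(n: int = 30) -> List[Example]:
    """Out-of-distribution inputs paired with labels unrelated to the data (Adi et al.).
    A real owner draws the labels from a secret CSPRNG; the fixed pattern i % 3 is an
    assumption of this example so the results are reproducible."""
    return [((40.0 + 0.5 * i, 0.0), i % 3) for i in range(n)]


def watermark(train: Sequence[Example], triggers: Sequence[Example]):
    """Embed the watermark by training on data + trigger set. Returns the model's
    memory and the ownership record, which the owner must keep secret."""
    memory = list(train) + list(triggers)
    n_classes = 1 + max(label for _, label in train)
    ownership = {"trigger_set": list(triggers), "n_classes": n_classes}
    return memory, ownership


def verification_threshold(n: int, n_classes: int, alpha: float = 1e-3) -> float:
    """Smallest match rate that an independent model, guessing each trigger label with
    probability 1/n_classes, reaches with probability below alpha (binomial tail)."""
    p = 1.0 / n_classes
    for k in range(n + 1):
        tail = sum(math.comb(n, i) * p ** i * (1 - p) ** (n - i) for i in range(k, n + 1))
        if tail < alpha:
            return k / n
    return 1.0


def verify(suspect: Model, ownership: dict) -> dict:
    """Query the suspect with the trigger set and compare the match rate to the threshold."""
    triggers = ownership["trigger_set"]
    matches = sum(suspect(x) == y for x, y in triggers)
    score = matches / len(triggers)
    threshold = verification_threshold(len(triggers), ownership["n_classes"])
    return {"is_stolen": bool(score >= threshold), "score": round(score, 2), "threshold": round(threshold, 2)}


def prune(memory: Sequence[Example], every: int = 5) -> List[Example]:
    """Crude stand-in for an attacker pruning or fine-tuning a stolen copy: dropping every
    `every`-th stored example erases part of the memorised trigger set."""
    return [ex for idx, ex in enumerate(memory) if idx % every != 0]


def demo() -> Dict[str, dict]:
    data = make_training_data()
    memory, ownership = watermark(data, make_trigger_set())
    return {
        "independent_model": verify(train_knn(data), ownership),   # trained without the triggers
        "exact_copy": verify(train_knn(memory), ownership),
        "pruned_copy": verify(train_knn(prune(memory)), ownership),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Two points the toy makes visible. First, the threshold is not a tuning constant: with 30 triggers and 3 classes an independent model matches about a third of the trigger labels by chance, so the bound lands at 19/30 and a score of 0.33 is correctly rejected, while the exact copy scores 1.0 and the pruned copy still scores 0.8 because most of the memorised triggers survive. Second, the trigger set is the only secret; anyone who obtains it can either remove the watermark or forge ownership claims, so the ownership record returned by the watermarking step deserves the same protection as a signing key.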

References

The library implements several techniques presented in academic papers; the table shows which frameworks each technique is available for:

Technique         Scikit-learn        PyTorch             HuggingFace
Adi et al.                            :heavy_check_mark:
Zhang et al.      :heavy_check_mark:  :heavy_check_mark:
Gu et al.                             :heavy_check_mark:
Merrer et al.                         :heavy_check_mark:
Yang et al.                                               :heavy_check_mark:
Szyller et al.    :heavy_check_mark:  :heavy_check_mark:
Lounici et al.    :heavy_check_mark:  :heavy_check_mark:  :heavy_check_mark:

  1. Turning Your Weakness Into a Strength: Watermarking Deep Neural Networks by Backdooring, by Adi et al.
  2. Protecting Intellectual Property of Deep Neural Networks with Watermarking, by Zhang et al.
  3. BadNets: Evaluating Backdooring Attacks on Deep Neural Networks, by Gu et al.
  4. Adversarial Frontier Stitching for Remote Neural Network Watermarking, by Merrer et al.
  5. Rethinking Stealthiness of Backdoor Attack against NLP Models, by Yang et al.
  6. DAWN: Dynamic Adversarial Watermarking of Neural Networks, by Szyller et al.
  7. Yes We Can: Watermarking Machine Learning Models beyond Classification, by Lounici et al.

Contributing

We invite your participation to the project through issues and pull requests. Please refer to the Contributing guidelines for how to contribute.

How to obtain support

You can open an issue.

Licensing

Copyright 2020-21 SAP SE or an SAP affiliate company and ml-model-watermarking contributors. Please see our LICENSE for copyright and license information. Detailed information including third-party components and their licensing/copyright information is available via the REUSE tool.

Download files

Source Distributions

No source distribution files available for this release.

Built Distribution

mlmodelwatermarking-0.0.1-py3-none-any.whl (16.9 MB)

File metadata

  • Download URL: mlmodelwatermarking-0.0.1-py3-none-any.whl
  • Size: 16.9 MB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.15.0 pkginfo/1.8.2 requests/2.25.1 setuptools/41.4.0 requests-toolbelt/0.9.1 tqdm/4.64.0 CPython/3.5.3

File hashes

Hashes for mlmodelwatermarking-0.0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 62529b85d1e7d552b76a4238f8385ba9d2e36a05c1037efe41d1390c93e04f63
MD5 17e828f01c728587157a5c280758e303
BLAKE2b-256 09d88df8c44bf6de1c30c8ac1f4343d5ef2060cbecd387335877122b2aa290ad
