Digital watermark: IBM wants to protect the IA models

Models for artificial intelligence must be protected from unauthorized duplication. IBM has developed a process and filed a patent application.

Compared to its long decline sales, the US computer company IBM is increasingly supporting artificial intelligence (AI) services, for example the Watson Digital Assistant is popular. However, providing IA models for specific tasks or skills can sometimes be expensive and expensive, which is why the company wants to protect IP against such developments. Several IBM researchers have now unveiled and patented a process based on well-known digital watermarks, such as images or videos.

Protecting the Ownership of Deep Neural Network Models

The seven researchers are working on their AsiaCCS project project & # 39; 18 presented in South Korea (also in paper version). It is able to mark AI models for deep neural networks (DNN). A few simple API calls are used to determine if a template is watermarked and thus protected.

Your approach can highlight a DNN model in three ways: Either specific data is transferred to the DNN with the drive data or it adds trivial content or simple noise.

Initially only internal use

The approach is not new, write the researchers, but previous attempts to watermark KI models needed to access the template settings. Your approach works "from the outside" via an API call. However, it does not offer any protection against the exploration of a model via the API Predicition – but this applies anyway only to conventional machine learning algorithms with few model parameters. In addition, their tattooing method is immune to some well-known methods for removing these markings.

Researchers have pending their development for a patent and intend to use it internally at IBM and possibly offer it to customers as a service. )