Shared DNN Model Ownership Verification in Cross-Silo Federated Learning: A GAN-Based Watermark Approach

Cross-silo federated learning, as a distributed learning paradigm, allows clients to collaboratively train an artificial intelligence (AI) model and jointly share the model ownership without local data transfer or exposure. However, the valuable AI models are facing fatal intellectual property (IP) infringement threats when offering AI services. Existing researches on IP protection mainly focus on the centralized models (i.e., single ownership), but leave federated models (i.e., shared ownership) unexplored. In this paper, we propose IPSF, a novel shared IP protection framework with all-round verification for multiple owners under cross-silo federated learning. Specifically, instead of embedding private watermarks individually, we adopt joint watermarks and soft labels as a conjoint fingerprint, and present a watermark generative adversarial network (WM-GAN) mechanism to fuse private watermarks and facilitate the integrated verification. We also design a diversity- and similarity-oriented assessment mechanism to support mutual evaluation between private and joint watermarks. Through the designed assessment mechanism, the correlation and variability between private and joint watermarks are dynamically maintained to ensure the stability of WM-GAN and the fairness among users in verification. Extensive experiments validates that our IPSF achieves desirable fidelity and high robustness under attacks.