MadS&P Weekly Seminar
[MadS&P Guest Speaker - Hengrui (Nick) Jia] Ownership Resolution in ML: Who is the Owner of an ML Model?
Event Details
Abstract
As valuable intellectual property (IP), machine learning models are vulnerable to model stealing attacks due to inevitable information leakage when queried. Such attacks not only violate the IP rights of the model trainers but also serve as a potential reconnaissance step for further attacks. In this talk, I will present some of our findings while taxonomizing the space of model ownership mechanisms based on the model information they rely on: either model predictions, model parameters, or a combination of both. I will walk through our works on entangled watermarks, proof-of-learning, and the Zest model distance, which correspond to the aforementioned angles respectively.
Bio
Hengrui (Nick) Jia is a PhD student at the CleverHans Lab at the Vector Institute and University of Toronto, advised by Prof. Nicolas Papernot. His research interests are at the intersection of security and machine learning, or trustworthy machine learning. He is also a recipient of the Vector Scholarship in AI, the Mary H. Beatty Fellowship, and the Ontario Graduate Scholarship.