关键词: 边缘计算, 联邦学习, 深度神经网络, 模型版权保护, 数字水印

Abstract: With the integration of edge computing frameworks and federated learning protocols, an increasing number of copyright protection methods for deep learning models have been proposed. However, solely verifying ownership from the senders perspective does not provide assistance to the receiver. Numerous studies have indicated that in client-edge-cloud federated learning systems, malicious users attempt to gain access to public models without contributing or even poison the public models. Therefore, it is necessary to provide a model ownership verification scheme for the receiver. Building upon existing neural network watermarking schemes, this paper proposes a dual-verification model watermarking scheme based on certification files. It introduces a certification file generation step and implements dual ownership verification of the model through adjustments in the model structure. The feasibility, robustness, and improvement in watermark embedding rate of the scheme are verified through experiments.

Key words: edge computing, federated learning, deep neural network, model copyright protection, digital watermarking