The article introduces StegGuard, a novel fingerprinting mechanism designed to verify the ownership of pre-trained encoders using steganography. The unique transformation from an image to an embedding, performed by a pre-trained encoder, can equivalently expose how an embedder embeds secrets into images and how an extractor extracts these secrets. The mechanism is robust against various model-stealing-related attacks such as model extraction, fine-tuning, pruning, and embedding noising and shuffling. The article suggests that this can help protect intellectual property and is particularly useful in the context of ‘Encoder as a Service’.

 

Publication date: 6 Oct 2023
Project Page: Not provided
Paper: https://arxiv.org/pdf/2310.03380