Core Concept
RobWE provides a robust watermark embedding scheme to protect personalized models in federated learning, outperforming existing methods.
Summary
RobWE introduces a novel watermark embedding approach to safeguard ownership of personalized models in federated learning. The scheme decouples the embedding process into the head layer and the representation layer, ensuring client privacy and compatibility with model aggregation. By employing watermark slice embedding and tamper detection mechanisms, RobWE achieves superior fidelity, reliability, and robustness compared to state-of-the-art schemes.
Statistics
RobWE significantly outperforms existing watermark embedding schemes in terms of fidelity, reliability, and robustness.
The accuracy of the main task remains high even with the maximum number of watermarked bits.
Watermark detection rates are stable and effective under various Non-IID settings.
Detection performance against malicious clients is consistently high with low false positive rates.