US 12,346,417 B2
Method for watermarking a machine learning model
Wilhelmus Petrus Adrianus Johannus Michiels, Reusel (NL); Jan Hoogerbrugge, Helmond (NL); and Frederik Dirk Schalij, Eindhoven (NL)
Assigned to NXP B.V., Eindhoven (NL)
Filed by NXP B.V., Eindhoven (NL)
Filed on Jul. 6, 2023, as Appl. No. 18/347,740.
Prior Publication US 2025/0013721 A1, Jan. 9, 2025
Int. Cl. G06F 21/16 (2013.01)
CPC G06F 21/16 (2013.01)
20 Claims
[OG exemplary drawing not reproduced]
1. A method for watermarking a machine learning model (ML), the method comprising:
selecting a plurality of input samples from a set of training data to use for embedding a watermark into the ML model;
generating a sequence of bits;
dividing the sequence of bits into a set of chunks of bits;
dividing the selected plurality of input samples into subsets of input samples;
labeling all of the input samples of each subset of the subsets of input samples with a first label selected from a plurality of first labels in a problem domain of the ML model to produce labeled subsets of input samples;
combining each chunk of the set of chunks of bits with a different subset of the labeled subsets of input samples to produce a plurality of sets of labeled trigger samples;
relabeling each trigger sample of each set of the plurality of sets of labeled trigger samples to have a second label that is different from the first label and is in the problem domain of the ML model to produce a relabeled set of trigger samples; and
training the ML model with the labeled subsets of input samples and the relabeled set of trigger samples to produce a watermarked ML model.
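The eight steps of claim 1 as a worked example in Python. This is an added illustration, not NXP's implementation or code from the patent: the claim does not fix how a chunk of bits is "combined" with an input sample, how the first and second labels are chosen, or which learning algorithm is trained, so the feature-overwrite embedding rule, the "next class in the domain" second label and the 1-nearest-neighbour stand-in for training are all assumptions, and the three-class toy data set is constructed. The `verify_watermark` function shows the owner-side check the construction enables: a fresh input carrying chunk i is classified with the second label of subset i, which an unmarked model would not do.

```python
"""Worked illustration of the claimed watermark-embedding steps (added example,
not NXP's implementation). Embedding rule, second-label choice and the 1-NN
"training" are assumptions; the claim leaves them open."""
import random
from typing import Dict, List, Sequence, Tuple

Sample = List[float]
Labeled = Tuple[Sample, int]

PROBLEM_DOMAIN: Sequence[int] = (0, 1, 2)   # constructed three-class problem domain
FEATURES = 16                               # constructed: a flattened 4x4 input
BIT_HI, BIT_LO = 10.0, -10.0                # assumed encoding of bit 1 / bit 0 in a feature


def make_training_data(n_per_class: int, rng: random.Random) -> List[Labeled]:
    """Constructed toy data: class c clusters around c/2 in every feature, clipped to [0, 1]."""
    return [([min(1.0, max(0.0, rng.gauss(c / 2, 0.1))) for _ in range(FEATURES)], c)
            for c in PROBLEM_DOMAIN for _ in range(n_per_class)]


def select_input_samples(data: List[Labeled], n: int, rng: random.Random) -> List[Sample]:
    """Claim step 1: pick the training samples that will carry the watermark."""
    return [s for s, _ in rng.sample(data, n)]


def generate_bits(n_bits: int, rng: random.Random) -> List[int]:
    """Claim step 2: the watermark payload as a bit sequence."""
    return [rng.randrange(2) for _ in range(n_bits)]


def chunk_bits(bits: List[int], chunk_size: int) -> List[List[int]]:
    """Claim step 3: split the payload into chunks (the last chunk may be shorter)."""
    return [bits[i:i + chunk_size] for i in range(0, len(bits), chunk_size)]


def split_into_subsets(samples: List[Sample], n_subsets: int) -> List[List[Sample]]:
    """Claim step 4: one subset of input samples per chunk (round-robin split)."""
    return [samples[i::n_subsets] for i in range(n_subsets)]


def label_subsets(subsets: List[List[Sample]], rng: random.Random) -> List[Tuple[List[Sample], int]]:
    """Claim step 5: every sample of a subset gets the same first label from the domain."""
    return [(subset, rng.choice(PROBLEM_DOMAIN)) for subset in subsets]


def embed_chunk(sample: Sample, chunk: List[int]) -> Sample:
    """Assumed combining rule: overwrite the leading features with the chunk bits."""
    out = list(sample)
    for i, bit in enumerate(chunk):
        out[i] = BIT_HI if bit else BIT_LO
    return out


def make_trigger_sets(chunks, labeled_subsets) -> List[Tuple[List[Sample], int]]:
    """Claim step 6: combine chunk i with labeled subset i to get trigger set i."""
    return [([embed_chunk(s, chunk) for s in subset], first)
            for chunk, (subset, first) in zip(chunks, labeled_subsets)]


def second_label(first: int) -> int:
    """Assumed second-label rule: the next class in the domain, never equal to first."""
    return PROBLEM_DOMAIN[(PROBLEM_DOMAIN.index(first) + 1) % len(PROBLEM_DOMAIN)]


def relabel_triggers(trigger_sets) -> List[Labeled]:
    """Claim step 7: every trigger sample takes the second label of its set."""
    return [(t, second_label(first)) for triggers, first in trigger_sets for t in triggers]


def train_1nn(labeled: List[Labeled]) -> List[Labeled]:
    """Claim step 8 stand-in: a 1-nearest-neighbour model simply memorises its training set."""
    return list(labeled)


def predict(model: List[Labeled], x: Sample) -> int:
    """Label of the closest memorised point (squared Euclidean distance)."""
    return min(model, key=lambda lx: sum((a - b) ** 2 for a, b in zip(lx[0], x)))[1]


def watermark_model(data: List[Labeled], rng: random.Random, bits=None,
                    n_samples: int = 12, n_bits: int = 24, chunk_size: int = 8) -> Dict:
    """Run the eight claimed steps; return the watermarked model and the trigger definition."""
    bits = generate_bits(n_bits, rng) if bits is None else bits
    chunks = chunk_bits(bits, chunk_size)
    subsets = split_into_subsets(select_input_samples(data, n_samples, rng), len(chunks))
    labeled_subsets = label_subsets(subsets, rng)
    trigger_sets = make_trigger_sets(chunks, labeled_subsets)
    clean = [(s, first) for subset, first in labeled_subsets for s in subset]
    model = train_1nn(data + clean + relabel_triggers(trigger_sets))
    return {"model": model, "chunks": chunks, "labeled_subsets": labeled_subsets}


def verify_watermark(wm: Dict, probes: List[Sample]) -> float:
    """Owner-side check: fresh inputs carrying chunk i must map to the second label of subset i."""
    hits = total = 0
    for chunk, (_, first) in zip(wm["chunks"], wm["labeled_subsets"]):
        for p in probes:
            hits += predict(wm["model"], embed_chunk(p, chunk)) == second_label(first)
            total += 1
    return hits / total if total else 0.0


if __name__ == "__main__":
    rng = random.Random(1)
    wm = watermark_model(make_training_data(10, rng), rng)
    fresh = [s for s, _ in make_training_data(3, random.Random(2))]
    print("chunks:", wm["chunks"])
    print("trigger responses matching the second label:", verify_watermark(wm, fresh))
```

With the large encoded values, any fresh sample carrying a chunk lies far closer to the trigger samples of that chunk than to any clean training point, so the 1-NN stand-in answers with the relabeled second label; with a real model the same property has to be established by training on the union of the labeled subsets and the relabeled triggers, as the final claim step states. If two chunks happen to be identical but were assigned different first labels, the check becomes ambiguous for those sets, which is why the payload chunks should be distinct.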