Robust Watermarking in Federated Learning for Tabular Data with Attribution Capabilities

Protecting copyright in distributed learning is a challenge. Watermarking has emerged as a technique to safeguard deep neural networks, embedding distinctive signatures within model parameters or outputs to enable reliable ownership verification. Prevailing watermarking schemes address the ownership verification problems by mandating explicit client cooperation or assuming a trustworthy server. However, the empirical validation of these methods has focused exclusively on image-classification tasks, neglecting tabular datasets. This thesis proposes a robust algorithm for watermarking in federated learning for tabular data with attribution capabilities. Our approach embeds verifiable ownership signals directly into the global model while respecting the rigorous efficiency constraints characteristic of distributed and privacy-aware training. Our solution mimic existing watermarking algorithms designed for image classification, augmenting them with a data-independent strategy, more suitable for models trained on time-series and tabular data. Our solution also adds a traceability mechanism by embedding client-specific fingerprints in the model weights, enabling not only ownership verification upon model leakage but also the identification of the ownership violator. Our proposed approach reduces the watermark-embedding time by more than half compared to the state of the art, while preserving a stable verification signal over successive communication rounds. The additional computational burden is minimal, and it incurs only approximately a 10% reduction in model accuracy. Moreover, the embedded backdoor remains resilient to post-training attacks such as pruning and fine-tuning, except in scenarios requiring extensive collaboration among numerous clients, a condition that would undermine the purpose of the federated learning framework itself.