Could/should watermarking become part of AI neural net processors?

It’s a logical thing to add for traceability.

Jon Peddie

The cost of neural networks and the growing reliance on them have increased the demand for trust and accountability. Neural Network Traceability addresses this by ensuring models can be traced to their origins and verified for authenticity. Techniques like watermarking embed persistent metadata into a model, while fingerprinting extracts unique identifiers. The standards body MPAI has responded by launching the Neural Network Watermarking Development Committee, which created MPAI-NNW, a specification to evaluate traceability tools for robustness, cost, and performance across common AI tasks like classification and generation.

Over the course of the last decade, developers and organizations have deployed neural networks into an expanding variety of commercial and scientific domains. This expansion has introduced considerable costs, which manifest not only in financial terms but also in the extensive computational resources required, such as graphics processing units, central processing units, and dedicated memory. The time investment for training these complex models has also grown substantially. In parallel with this trend, the individuals and businesses that rely on services driven by these neural networks are increasingly demanding formal assurances regarding the quality and integrity of the service they receive.

Traceability in NN

(Source: MPAI)

The field of Neural Network Traceability offers a set of solutions to satisfy these dual requirements. This discipline provides a framework to ensure that a deployed neural network can be authentically traced back to its origin, and it furnishes the tools necessary for a system to detect any subsequent tampering or unauthorized modifications.

One prominent approach, which draws its foundational concepts from the world of digital multimedia protection, is known as watermarking. This discipline encompasses a range of methodological and application tools that allow a developer to imperceptibly and persistently insert specific metadata, often called a payload, directly into the architecture of an original neural network model. At a later point in time, detecting or decoding this embedded metadata from the model itself or from any of its inferences provides a concrete means to trace the model’s source and to formally verify its authenticity.

An additional traceability technology is fingerprinting. This concept relates to a separate family of methodological and applicative tools that function by extracting certain salient information from the original neural network model. This extracted data serves as a unique signature, or a fingerprint. Subsequently, an organization can identify that specific model with confidence based on a comparison with the extracted information.

Therefore, the standards organization MPAI has identified the application area it calls “Neural Network Watermarking” as a relevant field for its standardization efforts. This decision is based on a clear industry need for both types of Neural Network Traceability technologies. There is also a corresponding requirement to develop standardized methods for assessing the performance and reliability of such technologies to ensure they function as intended.
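To make the two approaches concrete, here is an added illustration (not taken from the article or from MPAI-NNW): a keyed spread-spectrum weight watermark and a sign-of-projection fingerprint, each checked against a copy of the model that has been magnitude-pruned. The toy weight vector, the key, the payload, the public direction seed and all function names are assumptions made for this sketch.

```python
import random

def make_model(seed, n=16384):
    """Constructed toy model: one flat vector of Gaussian weights."""
    rng = random.Random(seed)
    return [rng.gauss(0.0, 0.1) for _ in range(n)]

def carrier(key, n):
    """Secret +/-1 sequence derived from the owner's key (hypothetical scheme)."""
    rng = random.Random(key)
    return [1 if rng.random() < 0.5 else -1 for _ in range(n)]

def embed(weights, payload, key, strength=0.02):
    """Watermarking (active): nudge bit i's segment of weights along the carrier."""
    c, seg = carrier(key, len(weights)), len(weights) // len(payload)
    out = list(weights)
    for i, bit in enumerate(payload):
        for j in range(i * seg, (i + 1) * seg):
            out[j] += strength * (1 if bit else -1) * c[j]
    return out

def decode(weights, n_bits, key):
    """Read each bit back as the sign of its segment's correlation with the carrier."""
    c, seg = carrier(key, len(weights)), len(weights) // n_bits
    return [int(sum(weights[j] * c[j] for j in range(i * seg, (i + 1) * seg)) > 0)
            for i in range(n_bits)]

def fingerprint(weights, n_bits=64):
    """Fingerprinting (passive): signs of projections onto fixed public directions."""
    rng = random.Random("public-directions")
    return [int(sum(w if rng.random() < 0.5 else -w for w in weights) > 0)
            for _ in range(n_bits)]

def prune(weights, fraction=0.3):
    """Modification used for the robustness check: zero the smallest weights."""
    cut = sorted(abs(w) for w in weights)[int(len(weights) * fraction)]
    return [0.0 if abs(w) < cut else w for w in weights]

def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))

PAYLOAD = [1, 0, 1, 1, 0, 0, 1, 0]   # constructed 8-bit owner ID
KEY = "owner-secret"                  # constructed key

if __name__ == "__main__":
    marked = embed(make_model(seed=1), PAYLOAD, KEY)
    pruned = prune(marked)            # a modified copy of the marked model
    print("payload after pruning:", decode(pruned, len(PAYLOAD), KEY))
    print("fingerprint distance:", hamming(fingerprint(marked), fingerprint(pruned)))
```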

The Moving Picture, Audio and Data Coding by Artificial Intelligence (MPAI) organization has a proposal and set of guidelines for implementing traceability in film and other media, which could be applied to the hardware engines (like GPUs) used to produce such media. It would also provide traceability through LLMs. 

In response to such possibilities, MPAI has established the Neural Network Watermarking Development Committee (NNW-DC). The committee has developed Technical Specification: Neural Network Watermarking (MPAI-NNW) – Traceability (NNW-NNT) V1.0. This specifies methods to evaluate the following aspects of active (Watermarking) and passive (Fingerprinting) Neural Network Traceability methods:

Figure 1. AI-generated or processed information services. (Source: MPAI)

MPAI NNT is relevant for services and applications benefitting from one or several conventional NN tasks such as:

An example is a traceable newsletter service (Figure 1) that covers situations where an end user subscribes to a newsletter generated by a generative AI service (provided by an NN customer), based on the end user’s profile. In such cases, a malicious user might attempt to tamper with the creation of the personalized content or modify it during transmission.

An additional traceability technology is fingerprinting, a family of methodological and applicative tools that extract some salient information from the original NN model (a fingerprint) and subsequently identify that model based on the extracted information.

Therefore, MPAI has found the application area of Neural Network Watermarking to be relevant for MPAI standardization, as there is a need for both Neural Network Traceability technologies and for assessing the performance of such technologies.
