EP-4374269-B1 - A METHOD AND A SYSTEM FOR CHECKING OWNERSHIP AND INTEGRITY OF AN AI MODEL USING DISTRIBUTED LEDGER TECHNOLOGY (DLT)

Inventors

  • PARMAR, MANOJKUMAR SOMABHAI
  • DABHI, Shrey Arvind
  • ANJALI, Sunder Naik
  • YASH, Mayurbhai Thesia

Dates

Publication Date
20260506
Application Date
20220715

Claims (8)

  1. A method (100) for determining ownership and integrity of an artificial intelligence, AI, model using distributed ledger technology, DLT, the method performed by means of a system comprising the AI model and a plurality of processing nodes linked by a distributed ledger, DL, over a network, the method comprising: embedding (101) a digital watermark in the AI model during training of the AI model using a first watermark data and a predefined output of the first watermark data; characterized in that, the method comprises: generating (102) a full checksum and at least one selective checksum of the AI model; registering (103) the AI model on the DL by uploading the full checksum, the at least one selective checksum, the first watermark data and at least the predefined output of the first watermark data; receiving, upon registering (103) the AI model on the DL, a unique model identification, ID, of the AI model; receiving (104) the AI model, the unique model ID of the AI model and at least the first watermark data as an input; checking (105) for registration of the AI model by matching the received unique model ID of the AI model with a stored model ID on the DL; processing (106) the first watermark data to get a processed output and matching the processed output with the predefined output of the first watermark data; verifying (107) the full checksum and the at least one of the selective checksum of the AI model, wherein the at least one selective checksum is verified only if the verification of the full checksum fails; if the verification of the full checksum fails: calculating (108) a rate of error for the AI model based on the verification (107) of the at least one selective checksum; determining (109) the integrity of the AI model based on the calculated (108) rate of error.
  2. The method as claimed in claim 1, wherein a matching of unique model ID of the AI model and the processing of the first watermark data indicates a positive acknowledgment of the ownership of the AI model.
  3. The method as claimed in claim 2, wherein the positive acknowledgment of the ownership and the verification (107) of the full checksum indicates complete integrity of the AI model.
  4. The method as claimed in claim 1, wherein the rate of error decides a partial or no integrity of the AI model suggestive of tampering of the AI model.
  5. A system for determining ownership and integrity of an artificial intelligence, AI, model using distributed ledger technology, DLT, the system comprising: a plurality of processing nodes linked by a distributed ledger, DL, over a network and the AI model embedded with a digital watermark during training of the AI model using a first watermark data and a predefined output of the first watermark data, characterized in that, the system is configured to: generate full checksum and at least one selective checksum of the AI model; register the AI model on the DL by uploading the full checksum, the at least one selective checksum, the first watermark data and at least the predefined output of the first watermark data; receive, upon registering the AI model on the DL, a unique model identification, ID, of the AI model; receive the AI model, the unique model ID of the AI model and at least the first watermark data as an input; check for registration of the AI model by matching the received unique model ID of the AI model with a stored model ID on the DL; process the first watermark data to get a processed output and matching the processed output with the predefined output of the first watermark data; verify the full checksum and the at least one of the selective checksum of the AI model, wherein the at least one selective checksum is verified only if the verification of the full checksum fails; if the verification of the full checksum fails: calculate a rate of error for the AI model based on the verification of the selective checksum; determine the integrity of the AI model based on the calculated rate of error.
  6. The system as claimed in claim 5, wherein a matching of the unique model ID of the AI model and the processing of the first watermark data indicates a positive acknowledgment of the ownership of the AI model.
  7. The system as claimed in claim 6, wherein the positive acknowledgment of the ownership of the AI model and the verification of the full checksum indicates complete integrity of the AI model.
  8. The system as claimed in claim 5, wherein the rate of error decides a partial or no integrity of the AI model suggestive of tampering of the AI model.
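
The registration and verification flow of claims 1 to 4, as an added Python sketch that is not code from the patent. Assumptions not stated on the page: a selective checksum is a SHA-256 digest of one layer, the rate of error is the fraction of selective checksums that fail, the 0.5 threshold between partial and no integrity is arbitrary, and `Ledger`, `toy_predict` and the sample model are hypothetical stand-ins.

```python
import hashlib

def full_checksum(model):
    """SHA-256 over every layer in name order, length-prefixed to avoid ambiguity."""
    h = hashlib.sha256()
    for name in sorted(model):
        h.update(name.encode() + b"\0" + len(model[name]).to_bytes(8, "big") + model[name])
    return h.hexdigest()

def selective_checksums(model):
    """Assumption: one selective checksum per layer; the claims do not define the selection."""
    return {name: hashlib.sha256(w).hexdigest() for name, w in model.items()}

def toy_predict(model, x):
    """Constructed stand-in for inference: output depends on the 'head' layer and the input."""
    return (sum(model.get("head", b"")) + sum(x)) % 10

class Ledger:
    """In-memory stand-in for the distributed ledger (hypothetical, no network or consensus)."""
    def __init__(self):
        self.records = {}

    def register(self, model, wm_data, wm_output):
        model_id = f"model-{len(self.records) + 1}"  # unique ID returned on registration (103)
        self.records[model_id] = {"full": full_checksum(model), "wm_data": wm_data,
                                  "selective": selective_checksums(model), "wm_output": wm_output}
        return model_id

def verify(ledger, model, model_id, wm_data, partial_below=0.5):
    rec = ledger.records.get(model_id)  # (105) is this model ID registered?
    if rec is None:
        return {"ownership": False, "integrity": "unregistered", "error_rate": None}
    # (106) the watermark input must reproduce the registered predefined output
    owned = wm_data == rec["wm_data"] and toy_predict(model, wm_data) == rec["wm_output"]
    if full_checksum(model) == rec["full"]:  # (107) full checksum is checked first
        verdict = "complete" if owned else "ownership-unconfirmed"
        return {"ownership": owned, "integrity": verdict, "error_rate": 0.0}
    current = selective_checksums(model)  # reached only when the full checksum fails
    failed = sorted(n for n, d in rec["selective"].items() if current.get(n) != d)
    rate = len(failed) / len(rec["selective"])  # (108) assumed definition of rate of error
    verdict = "partial" if rate < partial_below else "none"  # (109) assumed threshold
    return {"ownership": owned, "integrity": verdict, "error_rate": rate, "failed": failed}

# Constructed sample: four 16-byte "layers" and a watermark trigger input.
MODEL = {"conv1": bytes(range(0, 16)), "conv2": bytes(range(16, 32)),
         "fc": bytes(range(32, 48)), "head": bytes(range(48, 64))}
WM_DATA = b"trigger-pattern"
LEDGER = Ledger()
MODEL_ID = LEDGER.register(MODEL, WM_DATA, toy_predict(MODEL, WM_DATA))
```

A model with an added layer fails the full checksum while every registered selective checksum still matches, so the sketch reports it as partial rather than complete.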

Description

The following specification describes and ascertains the nature of this invention and the manner in which it is to be performed.

Field of the invention

The present disclosure relates to a method of checking integrity and provenance of an AI model using distributed ledger technology (DLT) and a system thereof.

Background of the invention

With the advent of data science, data processing and decision making systems are implemented using artificial intelligence modules. The artificial intelligence modules use different techniques like machine learning, neural networks, deep learning etc. Most AI based systems receive large amounts of data and process the data to train AI models. Trained AI models generate output based on the use cases requested by the user. Typically the AI systems are used in the fields of computer vision, speech recognition, natural language processing, audio recognition, healthcare, autonomous driving, manufacturing, robotics etc., where they process data to generate the required output based on certain rules/intelligence acquired through training.

To process the inputs and give a desired output, the AI systems use various models/algorithms which are trained using the training data. Once the AI system is trained using the training data, the AI systems use the models to process the data and generate an appropriate result. The models in the AI systems form the core of the system. Lots of effort, resources (tangible and intangible), and knowledge go into developing these models. It is possible that some adversary may try to steal/extract or modify the AI models when they are deployed in a public domain. Hence there is a need to ascertain the ownership and integrity of the AI model. Further, in safety-critical systems, it is also pertinent to ascertain whether the model running in the system is the intended one or has been tampered with beyond a repairable extent.

There are methods known in the prior art for leveraging neural network plasticity to embed watermarks to prove a model's origin or ownership. Patent application US2019370440 AA titled "Protecting deep learning models using watermarking" discloses a framework to accurately and quickly verify the ownership of remotely deployed deep learning models without affecting model accuracy for normal input data. The approach involves generating a watermark, embedding the watermark in a local deep neural network (DNN) model by learning, namely, by training the local DNN model to learn the watermark and a predefined label associated therewith, and later performing a black-box verification against a remote service that is suspected of executing the DNN model without permission. The predefined label is distinct from a true label for a data item in training data for the model that does not include the watermark. Black-box verification includes simply issuing a query that includes a data item with the watermark, and then determining whether the query returns the predefined label. However, there is a need to verify not only the ownership and origin but also the integrity of an AI model. "DLBC: A Deep Learning-Based Consensus in Blockchains for Deep Learning Services" by Boyang Li et al. (arXiv:1904.07349) is also relevant prior art.

Brief description of the accompanying drawings

An embodiment of the invention is described with reference to the following accompanying drawings: Figure 1 illustrates method steps for checking ownership and integrity of an AI model using distributed ledger technology (DLT); Figure 2 depicts the proposed system architecture for checking integrity of an AI model using distributed ledger technology (DLT) and a flow chart thereof.

Detailed description of the drawings

Some important aspects of the AI technology and AI systems can be explained as follows. Depending on the architecture of the implementation, AI systems may include many components. One such component is an AI module. An AI module with reference to this disclosure can be explained as a component which runs a model. A model can be defined as a reference or an inference set of data, which uses different forms of correlation matrices. Using these models and the data from these models, correlations can be established between different types of data to arrive at some logical understanding of the data. A person skilled in the art would be aware of the different types of AI models such as linear regression, naïve Bayes classifier, support vector machine, neural networks and the like. A person skilled in the art will also appreciate that the AI module may be implemented as a set of software instructions, a combination of software and hardware, or any combination of the same.

Some of the typical tasks performed by AI systems are classification, clustering, regression etc. The majority of classification tasks depend upon labeled datasets; that is, the data sets are labelled manually in order for a neural network to learn the correlation between labels and data. This is known as supervised le