ArmSSL: Adversarial Robust Black-Box Watermarking for SSL Encoders
A new framework called ArmSSL addresses intellectual property protection for self-supervised learning (SSL) encoders. It enables black-box ownership verification when stolen encoders are used in downstream tasks, while being robust against adversarial watermark detection or removal. The method introduces paired discrepancy enlargement to enforce feature-space orthogonality between clean and watermark samples, and integrates latent representation entanglement for adversarial robustness. This work is published on arXiv (2604.22550).
Key facts
- ArmSSL is a watermarking framework for SSL pre-trained encoders.
- It provides black-box verifiability and adversarial robustness.
- Paired discrepancy enlargement enforces feature-space orthogonality.
- Latent representation entanglement enhances adversarial robustness.
- Published on arXiv with ID 2604.22550.
- Addresses IP protection for SSL encoders.
- Watermark samples form a distinguishable out-of-distribution (OOD) cluster.
- No prior SSL watermarking scheme met both requirements (black-box verifiability and adversarial robustness) simultaneously.