Protecting the intellectual property of machine learning models is an active research topic, and many watermarking schemes for deep neural networks have been proposed in the literature. Unfortunately, prior work has largely neglected watermarking techniques for other types of models, including decision tree ensembles, which remain a state-of-the-art model family for classification tasks on non-perceptual data. In this paper, we present the first watermarking scheme designed for decision tree ensembles, focusing in particular on random forest models. We describe watermark creation and verification and present a thorough security analysis with respect to possible attacks. Finally, we perform an experimental evaluation of the proposed scheme, showing excellent results both in terms of the accuracy retained by the watermarked model and in terms of security against the most relevant threats.