Federated learning is an emerging privacy-preserving distributed machine learning paradigm that enables multiple parties to collaboratively learn a shared model while keeping each party's data private. However, federated learning faces two main problems: privacy inference attacks by a semi-honest server and model theft by malicious clients. To address privacy inference attacks, parameter-based encrypted secure aggregation can be used. To address model theft, a watermark-based intellectual property (IP) protection scheme can verify model ownership. Although watermark-based IP protection schemes can help verify model ownership, they are not sufficient to address continuous model theft by uncaught malicious clients in federated learning. Existing IP protection schemes that are able to trace traitors are also not compatible with federated learning secure aggregation. Thus, in this paper, we propose Federated Client-side Intellectual Property Protection (FedCIP), which is compatible with federated learning secure aggregation and is able to trace traitors. To the best of our knowledge, this is the first IP protection scheme for federated learning that is both compatible with secure aggregation and capable of traitor tracing.