Date of Award

Summer 2025

Access Type

Dissertation - Open Access

Degree Name

Doctor of Philosophy in Electrical Engineering & Computer Science

Department

Electrical Engineering and Computer Science

Committee Chair

Kenji Yoshigoe

Committee Chair Email

YOSHIGOK@erau.edu

First Committee Member

Omar Ochoa

First Committee Member Email

OCHOAO@erau.edu

Second Committee Member

Laxima Niure Kandel

Second Committee Member Email

NIUREKAL@erau.edu

Third Committee Member

Radu Babiceanu

Third Committee Member Email

radu.babiceanu@wmich.edu

Fourth Committee Member

Houbing Song

Fourth Committee Member Email

songh@umbc.edu

College Dean

James W. Gregory

Abstract

With the rapid expansion of machine learning (ML) across domains such as healthcare, finance, and autonomous systems, secure and trustworthy training methodologies have become more critical than ever. Proof-of-Learning (PoL) has recently emerged as a foundational mechanism for verifying the computational effort invested in training an ML model, thereby certifying the authenticity and reproducibility of the training process. Yet PoL deployed in isolation remains vulnerable to spoofing attacks that exploit its subset-verification pathways and tolerance parameters. In parallel, model watermarking has become indispensable for safeguarding intellectual property and detecting unauthorized model use. Motivated by these complementary strengths, this dissertation proposes a dual-layer verification framework that integrates PoL with three distinct watermarking strategies (feature-based embedding, parameter perturbation, and non-intrusive auxiliary heads) to provide end-to-end security and integrity. We first systematically analyze existing PoL schemes and show how adversaries can replicate the computational trajectories of legitimate models and, under surrogate-training conditions, even approximate embedded watermarks. The enhanced PoL mechanism introduced here mitigates these vulnerabilities by coupling robust watermarking with PoL's immutable training logs, so that an attacker, even one who possesses the watermark key, must reproduce both authentic logs and watermark-consistent ownership signals at a computational cost comparable to honest fine-tuning. Experiments on the CIFAR-10 benchmark with ResNet-20 show that the integrated approach raises the computational effort required for successful blindfold Top-Q and infinitesimal-update attacks by more than an order of magnitude.
Empirical results confirm the practical viability of the framework: feature-based watermarking preserved baseline accuracy (+0.00 percentage points), the non-intrusive method changed it by -0.03 pp, and parameter perturbation cost -0.58 pp, a clear fidelity-robustness trade-off. The runtime overhead relative to standard PoL ranged from 0.6% for parameter perturbation to roughly 11-17% for the non-intrusive and feature-based schemes, and proof-log storage overhead remained below 12 MB. Extensive analyses across watermark strengths, adversarial scenarios, and performance metrics substantiate that augmenting PoL with a flexible, multi-technique watermarking layer yields materially stronger resistance to spoofing attacks. While each watermarking strategy introduces distinct trade-offs in stealth, complexity, and fidelity, their integration achieves a practical balance between security hardening and deployment efficiency. By exposing critical weaknesses in prior PoL frameworks and providing cost-amplifying countermeasures, this dissertation positions the integrated PoL-watermarking framework as a blueprint for secure, accountable, and tamper-evident ML systems, and its findings guide future verification mechanisms for safeguarding computational integrity and model ownership in next-generation ML deployments.
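The abstract describes two ideas that are easier to see in code than in prose: a PoL verifier that re-executes a random subset of logged training intervals and accepts anything within a tolerance, and the observation that a watermark tied to the training recipe forces a forger to reproduce an ownership signal rather than just a plausible-looking log. The block below is an added toy illustration written for this page; it is not the dissertation's code, its ResNet-20/CIFAR-10 setup, or its specific watermarking schemes. It assumes a 64-dimensional linear-regression model trained on constructed data, a hash-chained checkpoint log, a parameter-perturbation watermark of 16 bits along key-derived random directions, and hypothetical names (`train_with_log`, `spoof_log`, `verify_pol`, `verify_ownership`) and keys chosen for the example. It shows that an infinitesimal-update spoof (every checkpoint equals the stolen, converged weights) passes a tolerance-only PoL check, while the same spoof fails once the logged recipe re-embeds the owner's watermark at each step and the claimant cannot supply the owner's key.

```python
"""Toy PoL log with an optional keyed watermark step (constructed illustration)."""
import hashlib
import numpy as np

D, N, LR, K = 64, 512, 0.5, 10   # weight dim, samples, step size, checkpoint interval

def make_data(seed=0):
    """Constructed regression data y = X @ w_true with Gaussian features."""
    rng = np.random.default_rng(seed)
    X = rng.standard_normal((N, D))
    return X, X @ rng.standard_normal(D)

def wm_projection(key, nbits):
    """Secret directions in weight space, derived from the claimant's key."""
    seed = int.from_bytes(hashlib.sha256(key).digest()[:8], "big")
    return np.random.default_rng(seed).standard_normal((nbits, D))

def embed_watermark(w, key, message, step=1e-3):
    """Parameter perturbation: batch-perceptron pushes along the secret directions
    until sign(P @ w) spells `message` (16 constraints in 64-d are feasible)."""
    P, target = wm_projection(key, len(message)), 2 * np.asarray(message) - 1
    w = w.copy()
    while (wrong := np.sign(P @ w) != target).any():
        w += step * (target[wrong] @ P[wrong])
    return w

def extract_watermark(w, key, nbits):
    return (wm_projection(key, nbits) @ w > 0).astype(int).tolist()

def train_step(w, X, y, wm=None):
    """Full-batch gradient step on 0.5*||Xw-y||^2/N; with wm=(key, message)
    the watermark is re-embedded afterwards, so the recipe itself is keyed."""
    w = w - LR * X.T @ (X @ w - y) / N
    return embed_watermark(w, *wm) if wm else w

def checkpoint_hash(prev, w, step):
    h = hashlib.sha256(prev)
    h.update(step.to_bytes(4, "big"))
    h.update(np.ascontiguousarray(w, dtype=np.float64).tobytes())
    return h.digest()

def train_with_log(w0, X, y, steps, wm=None):
    """Run the recipe, logging (step, weights, chained hash) every K steps."""
    w, log, h = w0.copy(), [], bytes(32)
    for t in range(steps + 1):
        if t % K == 0:
            h = checkpoint_hash(h, w, t)
            log.append((t, w.copy(), h))
        if t < steps:
            w = train_step(w, X, y, wm)
    return log

def spoof_log(w_stolen, entries):
    """Infinitesimal-update spoof: every checkpoint is the stolen final model."""
    log, h = [], bytes(32)
    for i in range(entries):
        h = checkpoint_hash(h, w_stolen, i * K)
        log.append((i * K, w_stolen.copy(), h))
    return log

def verify_pol(log, X, y, wm=None, tolerance=1e-3, subset=3, seed=1):
    """Check the hash chain, then replay `subset` random intervals with the
    claimant's recipe; accept if each lands within `tolerance` (L2)."""
    prev = bytes(32)
    for t, w, h in log:
        if checkpoint_hash(prev, w, t) != h:
            return False
        prev = h
    rng = np.random.default_rng(seed)
    for i in rng.choice(len(log) - 1, size=subset, replace=False):
        t, w, _ = log[i]
        for _ in range(log[i + 1][0] - t):
            w = train_step(w, X, y, wm)
        if np.linalg.norm(w - log[i + 1][1]) > tolerance:
            return False
    return True

def verify_ownership(log, X, y, key, message):
    """Dual layer: the log must replay under the claimant's keyed recipe AND
    the final checkpoint must carry the claimant's watermark."""
    wm_ok = extract_watermark(log[-1][1], key, len(message)) == list(message)
    return verify_pol(log, X, y, (key, list(message))) and wm_ok

def demo():
    X, y = make_data()
    w0, owner = np.zeros(D), b"owner-secret-key"          # constructed key
    msg = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1]
    plain = train_with_log(w0, X, y, 200)                  # PoL alone
    keyed = train_with_log(w0, X, y, 200, (owner, msg))    # PoL + watermark
    return {
        "honest_plain": verify_pol(plain, X, y),
        "spoof_plain": verify_pol(spoof_log(plain[-1][1], len(plain)), X, y),
        "honest_keyed": verify_ownership(keyed, X, y, owner, msg),
        "thief_keyed": verify_ownership(spoof_log(keyed[-1][1], len(keyed)),
                                        X, y, b"thief-key", msg),
    }

if __name__ == "__main__":
    print(demo())   # {'honest_plain': True, 'spoof_plain': True, 'honest_keyed': True, 'thief_keyed': False}
```

The spoof succeeds against the plain recipe because a converged model has a near-zero gradient, so ten replayed steps move the weights by far less than any practical tolerance; the forger pays nothing. Under the keyed recipe the stolen weights sit at a fixed point of "gradient step, then re-embed the owner's watermark", so replaying with a different key pulls the weights away from the logged checkpoint and the tolerance check fails. As the abstract notes, an attacker who does hold the key is a different matter; this toy says nothing about that case, and the dissertation's claim there is a cost amplification, not impossibility.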
