Protecting Intellectual Property of EEG-based Model with Watermarking

Sharing learned models is crucial in research and the industry's rapid development and progress. Meanwhile, as the Intellectual Property (IP) of the model proposer, the learned high-performance models must be protected to avoid being illegally copied or redistributed by malicious users. Unfortunately, even though the field of Electroencephalography (EEG) has made significant progress and the models are becoming increasingly complex, more work still needs to be done on protecting EEG-based models. The damage caused by model stealing and attack on the brain-computer interface (BCI) is more severe than in other fields. In this paper, we propose a method that protects the IP of EEG-based models with watermarking for the first time. Watermarks are embedded into three representative EEG-based models by designing a trigger set. On the premise of not sacrificing the primary task's performance significantly, the models' legality can be verified remotely through the trigger set. Furthermore, we demonstrate that the proposed model protection method is robust to various anti-watermarking attacks, such as fine-tuning, transfer learning, pruning, and watermark overwriting.