EmMark: Robust Watermarks for IP Protection of Embedded Quantized Large Language Models

• URL: http://arxiv.org/abs/2402.17938v1
• Date: Tue, 27 Feb 2024 23:30:17 GMT
• Title: EmMark: Robust Watermarks for IP Protection of Embedded Quantized Large Language Models
• Authors: Ruisi Zhang, Farinaz Koushanfar
• Abstract summary: This paper introduces EmMark, a novel watermarking framework for protecting the intellectual property (IP) of embedded large language models deployed on resource-constrained edge devices. To address the IP theft risks posed by malicious end-users, EmMark enables proprietors to authenticate ownership by querying the watermarked model weights and matching the inserted signatures.
• Score: 21.28690053570814
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: This paper introduces EmMark,a novel watermarking framework for protecting the intellectual property (IP) of embedded large language models deployed on resource-constrained edge devices. To address the IP theft risks posed by malicious end-users, EmMark enables proprietors to authenticate ownership by querying the watermarked model weights and matching the inserted signatures. EmMark's novelty lies in its strategic watermark weight parameters selection, nsuring robustness and maintaining model quality. Extensive proof-of-concept evaluations of models from OPT and LLaMA-2 families demonstrate EmMark's fidelity, achieving 100% success in watermark extraction with model performance preservation. EmMark also showcased its resilience against watermark removal and forging attacks.

Related papers

• Improved Unbiased Watermark for Large Language Models [59.00698153097887]
  We introduce MCmark, a family of unbiased, Multi-Channel-based watermarks. MCmark preserves the original distribution of the language model. It offers significant improvements in detectability and robustness over existing unbiased watermarks.
  arXiv  Detail & Related papers  (2025-02-16T21:02:36Z)
• De-mark: Watermark Removal in Large Language Models [59.00698153097887]
  We present De-mark, an advanced framework designed to remove n-gram-based watermarks effectively. Our method utilizes a novel querying strategy, termed random selection probing, which aids in assessing the strength of the watermark.
  arXiv  Detail & Related papers  (2024-10-17T17:42:10Z)
• NSmark: Null Space Based Black-box Watermarking Defense Framework for Language Models [24.544014337601286]
  Language models (LMs) have emerged as critical intellectual property (IP) assets that necessitate protection. This paper analyzes and extends the attack scenarios of Linear Functionality Equivalence Attack (LFEA) to the commonly employed black-box settings for LMs. We propose NSmark, a black-box watermarking scheme that is task-agnostic and capable of resisting LL-LFEA attacks.
  arXiv  Detail & Related papers  (2024-10-16T14:45:27Z)
• ModelShield: Adaptive and Robust Watermark against Model Extraction Attack [58.46326901858431]
  Large language models (LLMs) demonstrate general intelligence across a variety of machine learning tasks. adversaries can still utilize model extraction attacks to steal the model intelligence encoded in model generation. Watermarking technology offers a promising solution for defending against such attacks by embedding unique identifiers into the model-generated content.
  arXiv  Detail & Related papers  (2024-05-03T06:41:48Z)
• ICMarks: A Robust Watermarking Framework for Integrated Circuit Physical Design IP Protection [19.359996725500512]
  ICMarks is a quality-preserving and robust watermarking framework for modern IC physical design. We show ICMarks incurs no wirelength and timing metrics degradation, while successfully proving ownership.
  arXiv  Detail & Related papers  (2024-04-29T03:52:53Z)
• TrustMark: Universal Watermarking for Arbitrary Resolution Images [21.74309490023683]
  Imperceptible digital watermarking is important in copyright protection, misinformation prevention and responsible generative GAN. We propose a GAN-based watermarking method with novel design in architecture and introduce TrustMark-RM - a watermark remover method. Our methods achieve state-of-art performance on 3 benchmarks comprising arbitrary encoded images.
  arXiv  Detail & Related papers  (2023-11-30T07:03:36Z)
• ClearMark: Intuitive and Robust Model Watermarking via Transposed Model Training [50.77001916246691]
  This paper introduces ClearMark, the first DNN watermarking method designed for intuitive human assessment. ClearMark embeds visible watermarks, enabling human decision-making without rigid value thresholds. It shows an 8,544-bit watermark capacity comparable to the strongest existing work.
  arXiv  Detail & Related papers  (2023-10-25T08:16:55Z)
• A Resilient and Accessible Distribution-Preserving Watermark for Large Language Models [65.40460716619772]
  Our research focuses on the importance of a textbfDistribution-textbfPreserving (DiP) watermark. Contrary to the current strategies, our proposed DiPmark simultaneously preserves the original token distribution during watermarking. It is detectable without access to the language model API and prompts (accessible), and is provably robust to moderate changes of tokens.
  arXiv  Detail & Related papers  (2023-10-11T17:57:35Z)
• Unbiased Watermark for Large Language Models [67.43415395591221]
  This study examines how significantly watermarks impact the quality of model-generated outputs. It is possible to integrate watermarks without affecting the output probability distribution. The presence of watermarks does not compromise the performance of the model in downstream tasks.
  arXiv  Detail & Related papers  (2023-09-22T12:46:38Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.