Model Protection

Model protection research focuses on safeguarding the intellectual property of trained machine learning models, particularly deep neural networks and large language models, from theft or unauthorized use. Current approaches explore techniques like watermarking (embedding unique identifiers into model outputs or parameters), model locking (degrading model performance without the correct key), and architectural defenses (modifying model structure or training process to hinder extraction). These methods aim to balance strong protection against unauthorized access with minimal impact on model performance and usability, impacting the security and commercial viability of AI technologies.

Papers

November 1, 2024

DeepCore: Simple Fingerprint Construction for Differentiating Homologous and Piracy Models
Haifeng Sun, Lan Zhang, Xiang-Yang Li
Black Box Model Model Protection

October 16, 2024

CoreGuard: Safeguarding Foundational Capabilities of LLMs Against Model Stealing in Edge Deployment
Qinfeng Li, Yangfan Xie, Tianyu Du, Zhiqiang Shen, Zhenghan Qin, Hao Peng, Xinkui Zhao, Xianwei Zhu, Jianwei Yin, Xuhong Zhang
Large Language Model Full Model Capability Evolution Edge Deployment Model Protection Proprietary Large Language Model

September 15, 2024

PersonaMark: Personalized LLM watermarking for model protection and user attribution
Yuehan Zhang, Peizhuo Lv, Yinpeng Liu, Yongqiang Ma, Wei Lu, Xiaofeng Wang, Xiaozhong Liu, Jiawei Liu
Text Watermarking Model Protection LLM Personalization User Identification

May 25, 2024

ModelLock: Locking Your Model With a Spell
Yifeng Gao, Yuhua Sun, Xingjun Ma, Zuxuan Wu, Yu-Gang Jiang
Full Model Private Model Diffusion Based Framework Model Protection Spell Variation

May 8, 2024

Explanation as a Watermark: Towards Harmless and Multi-bit Model Ownership Verification via Watermarking Feature Attribution
Shuo Shao, Yiming Li, Hongwei Yao, Yiling He, Zhan Qin, Kui Ren
Backdoor Attack Line by Line Explanation Attribution Map Model Watermarking Model Protection Watermarking Scheme Novel Watermarking Model Ownership Verification

May 7, 2024

TBNet: A Neural Architectural Defense Framework Facilitating DNN Model Protection in Trusted Execution Environments
Ziyu Liu, Tong Zhou, Yukui Luo, Xiaolin Xu
DNN Model State of the Art Defense Trusted Execution Environment Model Protection

April 17, 2024

TransLinkGuard: Safeguarding Transformer Models Against Model Stealing in Edge Deployment
Qinfeng Li, Zhiqiang Shen, Zhenghan Qin, Yangfan Xie, Xuhong Zhang, Tianyu Du, Jianwei Yin
Transformer Model Model Stealing Edge Model Lightweight Framework Edge Deployment Model Protection Proprietary Large Language Model

February 23, 2024

Generative Models are Self-Watermarked: Declaring Model Authentication through Re-Generation
Aditya Desu, Xuanli He, Qiongkai Xu, Wei Lu
Generative Model Faithful Generation Generated Content Agnostic Watermarking Ownership Verification Model Protection Dataset Ownership Verification

February 22, 2024

Double-I Watermark: Protecting Model Copyright for LLM Fine-tuning
Shen Li, Liuyi Yao, Jinyang Gao, Lan Zhang, Yaliang Li
LLM Fine Tuning Model Protection

February 4, 2024

Copyright Protection in Generative AI: A Technical Perspective
Jie Ren, Han Xu, Pengfei He, Yingqian Cui, Shenglai Zeng, Jiankun Zhang, Hongzhi Wen, Jiayuan Ding, Hui Liu, Yi Chang, Jiliang Tang
Generative Model Generative AI Copyright Protection Model Protection

December 5, 2023

Model Copyright Protection in Buyer-seller Environment
Yusheng Guo, Nan Zhong, Zhenxing Qian, Xinpeng Zhang
Deep Neural Network Neural Network Model Model Protection Input Adaptation

July 21, 2023

CopyRNeRF: Protecting the CopyRight of Neural Radiance Fields
Ziyuan Luo, Qing Guo, Ka Chun Cheung, Simon See, Renjie Wan
Neural Radiance Field Copyright Protection Model Protection

April 28, 2023

NNSplitter: An Active Defense Solution for DNN Model via Automated Weight Obfuscation
Tong Zhou, Yukui Luo, Shaolei Ren, Xiaolin Xu
Deep Neural Network Intellectual Property Protection Model Protection Gradient Obfuscation Active Defense

March 18, 2023

FedRight: An Effective Model Copyright Protection for Federated Learning
Jinyin Chen, Mingjun Li, Mingjun Li, Haibin Zheng
Adversarial Example Model Protection Live Fingerprint

October 7, 2022

Distillation-Resistant Watermarking for Model Protection in NLP
Xuandong Zhao, Lei Li, Yu-Xiang Wang
Entity Recognition NLP Field Natural Language Processing Model NLP Model Model Protection

August 18, 2022

Private, Efficient, and Accurate: Protecting Models Trained by Multi-party Learning with Differential Privacy
Wenqiang Ruan, Mingxin Xu, Wenjing Fang, Li Wang, Lei Wang, Weili Han
High Efficiency Differential Privacy Multi Party Private Text Party Computation Model Protection Differential Privacy Noise Cryptographic Protocol

August 4, 2022

MOVE: Effective and Harmless Ownership Verification via Embedded External Features
Yiming Li, Linghui Zhu, Xiaojun Jia, Yang Bai, Yong Jiang, Shu-Tao Xia, Xiaochun Cao
Content Based Feature Ownership Verification Model Stealing Model Protection Model Ownership Verification

July 12, 2022

Image and Model Transformation with Secret Key for Vision Transformer
Hitoshi Kiya, Ryota Iijima, MaungMaung Aprilpyone, Yuma Kinoshita
Vision Transformer Image Classification Training Model Secret Key Model Protection Model Transformation

Model Protection

Papers

DeepCore: Simple Fingerprint Construction for Differentiating Homologous and Piracy Models

CoreGuard: Safeguarding Foundational Capabilities of LLMs Against Model Stealing in Edge Deployment

PersonaMark: Personalized LLM watermarking for model protection and user attribution

ModelLock: Locking Your Model With a Spell

Explanation as a Watermark: Towards Harmless and Multi-bit Model Ownership Verification via Watermarking Feature Attribution

TBNet: A Neural Architectural Defense Framework Facilitating DNN Model Protection in Trusted Execution Environments

TransLinkGuard: Safeguarding Transformer Models Against Model Stealing in Edge Deployment

Generative Models are Self-Watermarked: Declaring Model Authentication through Re-Generation

Double-I Watermark: Protecting Model Copyright for LLM Fine-tuning

Copyright Protection in Generative AI: A Technical Perspective

Model Copyright Protection in Buyer-seller Environment

CopyRNeRF: Protecting the CopyRight of Neural Radiance Fields

NNSplitter: An Active Defense Solution for DNN Model via Automated Weight Obfuscation

FedRight: An Effective Model Copyright Protection for Federated Learning

Distillation-Resistant Watermarking for Model Protection in NLP

Private, Efficient, and Accurate: Protecting Models Trained by Multi-party Learning with Differential Privacy

MOVE: Effective and Harmless Ownership Verification via Embedded External Features

Image and Model Transformation with Secret Key for Vision Transformer