Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

EmMark: Robust Watermarks for IP Protection of Embedded Quantized Large Language Models

Ruisi Zhang, Farinaz Koushanfar

TL;DR

Proof-of-concept evaluations of models from OPT and LLaMA-2 families demonstrate EmMark’s fidelity, achieving 100% success in watermark extraction with model performance preservation, and its resilience against watermark removal and forging attacks.

Abstract

This paper introduces EmMark,a novel watermarking framework for protecting the intellectual property (IP) of embedded large language models deployed on resource-constrained edge devices. To address the IP theft risks posed by malicious end-users, EmMark enables proprietors to authenticate ownership by querying the watermarked model weights and matching the inserted signatures. EmMark's novelty lies in its strategic watermark weight parameters selection, nsuring robustness and maintaining model quality. Extensive proof-of-concept evaluations of models from OPT and LLaMA-2 families demonstrate EmMark's fidelity, achieving 100% success in watermark extraction with model performance preservation. EmMark also showcased its resilience against watermark removal and forging attacks.

EmMark: Robust Watermarks for IP Protection of Embedded Quantized Large Language Models

TL;DR

Proof-of-concept evaluations of models from OPT and LLaMA-2 families demonstrate EmMark’s fidelity, achieving 100% success in watermark extraction with model performance preservation, and its resilience against watermark removal and forging attacks.

Abstract

This paper introduces EmMark,a novel watermarking framework for protecting the intellectual property (IP) of embedded large language models deployed on resource-constrained edge devices. To address the IP theft risks posed by malicious end-users, EmMark enables proprietors to authenticate ownership by querying the watermarked model weights and matching the inserted signatures. EmMark's novelty lies in its strategic watermark weight parameters selection, nsuring robustness and maintaining model quality. Extensive proof-of-concept evaluations of models from OPT and LLaMA-2 families demonstrate EmMark's fidelity, achieving 100% success in watermark extraction with model performance preservation. EmMark also showcased its resilience against watermark removal and forging attacks.
Paper Structure (30 sections, 8 equations, 3 figures, 4 tables)

This paper contains 30 sections, 8 equations, 3 figures, 4 tables.

Table of Contents

  1. Introduction
  2. Background and Related Work
  3. Large Language Model Quantization
  4. Machine Learning Model Watermarking
  5. Threat Model
  6. Motivation
  7. Scenario
  8. Watermarking Criteria
  9. Watermarking Threats
  10. Method
  11. Watermark Insertion
  12. Parameters Scoring
  13. Signature Insertion
  14. Watermark Extraction
  15. Ownership Proof
  16. ...and 15 more sections

Figures (3)

  • Figure 1: EmMark watermarking overview. The watermark insertion encodes signatures into the original LLM before deployment. The watermark extraction decodes the signatures from the deployed LLM and proves ownership. The green circles in Parameters Scoring are candidate watermark locations, and the green weights in Signature Insertion are watermarked weights. The bold value is the model weight parameters, and the italics value is the corresponding scores $\mathbf{S}$.
  • Figure 2: EmMark's performance under parameter overwriting and re-watermarking attacks. The left subplot evaluates Perplexity (PPL), and the right subplot depicts Zero-shot Accuracy and Watermark Extraction Rate (WER).
  • Figure 3: EmMark's watermark performance with inserted signature lengths increased from 50-bit to 200-bit. All of the watermarks are successfully extracted.