CATER: Intellectual Property Protection on Text Generation APIs via Conditional Watermarks
Previous works have validated that text generation APIs can be stolen through imitation attacks, causing IP violations. In order to protect the IP of text generation APIs, a recent work has introduced a watermarking algorithm and utilized the null-hypothesis test as a post-hoc ownership verification...
Format: | Electronic E-Book |
---|---|
Language: | English |
Published: | 2022 |
Subjects: | |
Online access: | View online |
MARC
LEADER | 00000nam a2200000 c 4500 | ||
---|---|---|---|
001 | BV049047212 | ||
003 | DE-604 | ||
005 | 00000000000000.0 | ||
007 | cr|uuu---uuuuu | ||
008 | 230712s2022 xx o|||| 00||| eng d | ||
035 | |a (DE-599)BVBBV049047212 | ||
040 | |a DE-604 |b ger |e rda | ||
041 | 0 | |a eng | |
049 | |a DE-M382 | ||
245 | 1 | 0 | |a CATER: Intellectual Property Protection on Text Generation APIs via Conditional Watermarks |c Xuanli He (University College London), Qiongkai Xu (University of Melbourne), Yi Zeng (Virginia Tech), Lingjuan Lyu (Sony AI), Fangzhao Wu (Microsoft Research Asia), Jiwei Li (Shannon.AI, Zhejiang University), Ruoxi Jia (Virginia Tech) |
264 | 1 | |c 2022 | |
336 | |b txt |2 rdacontent | ||
337 | |b c |2 rdamedia | ||
338 | |b cr |2 rdacarrier | ||
520 | 3 | |a Previous works have validated that text generation APIs can be stolen through imitation attacks, causing IP violations. In order to protect the IP of text generation APIs, a recent work has introduced a watermarking algorithm and utilized the null-hypothesis test as a post-hoc ownership verification on the imitation models. However, we find that it is possible to detect those watermarks via sufficient statistics of the frequencies of candidate watermarking words. To address this drawback, in this paper, we propose a novel Conditional wATERmarking framework (CATER) for protecting the IP of text generation APIs. An optimization method is proposed to decide the watermarking rules that can minimize the distortion of overall word distributions while maximizing the change of conditional word selections. Theoretically, we prove that it is infeasible for even the savviest attacker (they know how CATER works) to reveal the used watermarks from a large pool of potential word pairs based on statistical inspection. Empirically, we observe that high-order conditions lead to an exponential growth of suspicious (unused) watermarks, making our crafted watermarks more stealthy. In addition, CATER can effectively identify the IP infringement under architectural mismatch and cross-domain imitation attacks, with negligible impairments on the generation quality of victim APIs. We envision our work as a milestone for stealthily protecting the IP of text generation APIs | |
520 | 3 | |a Comment: accepted to NeurIPS 2022 | |
653 | |a Computer Science - Cryptography and Security | ||
653 | 6 | |a text | |
700 | 1 | |a He, Xuanli |e Sonstige |4 oth | |
700 | 1 | |a Xu, Qiongkai |e Sonstige |4 oth | |
700 | 1 | |a Zeng, Yi |e Sonstige |0 (DE-588)171891996 |4 oth | |
700 | 1 | |a Lyu, Lingjuan |e Sonstige |4 oth | |
700 | 1 | |a Wu, Fangzhao |e Sonstige |4 oth | |
700 | 1 | |a Li, Jiwei |d 1960- |e Sonstige |0 (DE-588)1147791279 |4 oth | |
700 | 1 | |a Jia, Ruoxi |e Sonstige |4 oth | |
856 | 4 | 0 | |u http://arxiv.org/abs/2209.08773 |y View online |3 Item Resolution URL |
943 | 1 | |a oai:aleph.bib-bvb.de:BVB01-034309659 |
Record in the search index
_version_ | 1819314708482621440 |
---|---|
any_adam_object | |
author_GND | (DE-588)171891996 (DE-588)1147791279 |
building | Verbundindex |
bvnumber | BV049047212 |
ctrlnum | (DE-599)BVBBV049047212 |
format | Electronic eBook |
id | DE-604.BV049047212 |
illustrated | Not Illustrated |
indexdate | 2024-12-24T09:48:27Z |
institution | BVB |
language | English |
oai_aleph_id | oai:aleph.bib-bvb.de:BVB01-034309659 |
open_access_boolean | |
owner | DE-M382 |
owner_facet | DE-M382 |
publishDate | 2022 |
publishDateSearch | 2022 |
publishDateSort | 2022 |
record_format | marc |
spellingShingle | CATER: Intellectual Property Protection on Text Generation APIs via Conditional Watermarks |
title | CATER: Intellectual Property Protection on Text Generation APIs via Conditional Watermarks |
title_auth | CATER: Intellectual Property Protection on Text Generation APIs via Conditional Watermarks |
title_exact_search | CATER: Intellectual Property Protection on Text Generation APIs via Conditional Watermarks |
title_full | CATER: Intellectual Property Protection on Text Generation APIs via Conditional Watermarks Xuanli He (University College London), Qiongkai Xu (University of Melbourne), Yi Zeng (Virginia Tech), Lingjuan Lyu (Sony AI), Fangzhao Wu (Microsoft Research Asia), Jiwei Li (Shannon.AI, Zhejiang University), Ruoxi Jia (Virginia Tech) |
title_fullStr | CATER: Intellectual Property Protection on Text Generation APIs via Conditional Watermarks Xuanli He (University College London), Qiongkai Xu (University of Melbourne), Yi Zeng (Virginia Tech), Lingjuan Lyu (Sony AI), Fangzhao Wu (Microsoft Research Asia), Jiwei Li (Shannon.AI, Zhejiang University), Ruoxi Jia (Virginia Tech) |
title_full_unstemmed | CATER: Intellectual Property Protection on Text Generation APIs via Conditional Watermarks Xuanli He (University College London), Qiongkai Xu (University of Melbourne), Yi Zeng (Virginia Tech), Lingjuan Lyu (Sony AI), Fangzhao Wu (Microsoft Research Asia), Jiwei Li (Shannon.AI, Zhejiang University), Ruoxi Jia (Virginia Tech) |
title_short | CATER: Intellectual Property Protection on Text Generation APIs via Conditional Watermarks |
title_sort | cater intellectual property protection on text generation apis via conditional watermarks |
url | http://arxiv.org/abs/2209.08773 |