An Embarrassingly Simple Approach for Intellectual Property Rights Protection on Recurrent Neural Networks
This work addresses the need for IP protection in MLaaS, particularly for RNNs in NLP, offering a practical solution against model theft, though it is incremental as it builds on existing IPR protection concepts.
The paper tackles the problem of protecting intellectual property rights for recurrent neural networks (RNNs) by proposing a simple Gatekeeper method that embeds keys into the RNN architecture, ensuring the model retains original performance only with a genuine key. Experiments show robustness against attacks, with effectiveness demonstrated across different RNN variants in white-box and black-box schemes.
Capitalising on deep learning models, offering Natural Language Processing (NLP) solutions as a part of Machine Learning as a Service (MLaaS) has generated handsome revenues. At the same time, it is known that the creation of these lucrative deep models is non-trivial. Therefore, protecting these inventions' intellectual property rights (IPR) from being abused, stolen and plagiarized is vital. This paper proposes a practical approach for IPR protection on recurrent neural networks (RNN) without all the bells and whistles of existing IPR solutions. Particularly, we introduce the Gatekeeper concept that resembles the recurrent nature in RNN architecture to embed keys. Also, we design the model training scheme in a way such that the protected RNN model will retain its original performance iff a genuine key is presented. Extensive experiments showed that our protection scheme is robust and effective against ambiguity and removal attacks in both white-box and black-box protection schemes on different RNN variants. Code is available at https://github.com/zhiqin1998/RecurrentIPR