CRAICL · Apr 28, 2024

Learnable Linguistic Watermarks for Tracing Model Extraction Attacks on Large Language Models

arXiv:2405.01509v1
h-index: 5
Originality: Incremental advance
AI Analysis

The paper addresses the need to safeguard the intellectual property of LLM developers. It appears incremental because it builds on existing watermarking techniques, with its contribution being a new statistical formulation of watermark embedding and detection.

The paper tackles the problem of protecting Large Language Models (LLMs) from model extraction attacks by proposing a learnable linguistic watermarking method that subtly modifies token frequency distributions to embed identifiable watermarks, achieving low false positive/negative rates while preserving model performance.

In the rapidly evolving domain of artificial intelligence, safeguarding the intellectual property of Large Language Models (LLMs) is increasingly crucial. Current watermarking techniques against model extraction attacks, which rely on signal insertion in model logits or post-processing of generated text, remain largely heuristic. We propose a novel method for embedding learnable linguistic watermarks in LLMs, aimed at tracing and preventing model extraction attacks. Our approach subtly modifies the LLM's output distribution by introducing controlled noise into token frequency distributions, embedding a statistically identifiable, controllable watermark. We leverage statistical hypothesis testing and information theory, particularly focusing on Kullback-Leibler Divergence, to differentiate between original and modified distributions effectively. Our watermarking method strikes a delicate balance between robustness and output quality, maintaining low false positive/negative rates and preserving the LLM's original performance.
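The abstract's detection principle (a watermark that shifts token frequencies, and a hypothesis test whose power comes from the KL divergence between the original and shifted distributions) can be made concrete with a small simulation. The following is an added example written for this page, not the paper's own method or code: the watermark scheme (boosting a keyed half of the vocabulary by a factor of 1 + strength and renormalising), the eight-token vocabulary, the base probabilities and the key string are all constructed assumptions. The detector is the standard Neyman-Pearson log-likelihood-ratio test, whose expected per-token value is KL(wm || base) under the watermarked hypothesis and -KL(base || wm) under the null, which is why the number of tokens needed for a confident decision scales inversely with the divergence.

```python
"""Toy illustration (added example, not the paper's scheme): detecting a
frequency-shifting watermark with a likelihood-ratio test whose power is
governed by KL divergence between the watermarked and base distributions."""
import math
import random

# Constructed toy vocabulary and unwatermarked (base) next-token distribution.
VOCAB = ["the", "model", "extract", "attack", "watermark", "token", "noise", "test"]
BASE_P = [0.30, 0.20, 0.15, 0.10, 0.10, 0.07, 0.05, 0.03]


def watermark_distribution(base, key, strength):
    """Hypothetical watermark: a keyed pseudo-random half of the vocabulary
    ("green" tokens) is boosted by (1 + strength); the result is renormalised
    so it is still a probability distribution. Only the key holder can
    reproduce the green set, so only the owner can run the detector."""
    rng = random.Random(key)
    order = list(range(len(base)))
    rng.shuffle(order)
    green = set(order[: len(base) // 2])
    boosted = [p * (1.0 + strength) if i in green else p for i, p in enumerate(base)]
    z = sum(boosted)
    return [w / z for w in boosted]


def kl_divergence(p, q):
    """KL(p || q) in nats; terms with p_i == 0 contribute nothing."""
    return sum(pi * math.log(pi / qi) for pi, qi in zip(p, q) if pi > 0)


def log_likelihood_ratio(tokens, watermarked, base):
    """Sum over tokens of log P_wm(t) / P_base(t): the Neyman-Pearson statistic
    for H1 'text came from the watermarked model' vs H0 'from the base model'."""
    return sum(math.log(watermarked[t] / base[t]) for t in tokens)


def expected_llr_per_token(watermarked, base):
    """Mean per-token LLR is KL(wm || base) > 0 under H1 and
    -KL(base || wm) < 0 under H0; the gap is what the test exploits."""
    return kl_divergence(watermarked, base), -kl_divergence(base, watermarked)


def sample_tokens(dist, n, rng):
    """Draw n token ids i.i.d. from dist (stand-in for a model's output)."""
    return rng.choices(range(len(dist)), weights=dist, k=n)


def is_watermarked(tokens, watermarked, base, threshold=0.0):
    """Decide H1 when the LLR exceeds the threshold (0 = equal priors)."""
    return log_likelihood_ratio(tokens, watermarked, base) > threshold


def error_rates(base, watermarked, n_tokens, trials, seed=0):
    """Monte Carlo false-positive / false-negative rates of the LLR test on
    samples of n_tokens tokens, over `trials` independent samples each."""
    rng = random.Random(seed)
    false_pos = sum(
        is_watermarked(sample_tokens(base, n_tokens, rng), watermarked, base)
        for _ in range(trials)
    )
    false_neg = sum(
        not is_watermarked(sample_tokens(watermarked, n_tokens, rng), watermarked, base)
        for _ in range(trials)
    )
    return false_pos / trials, false_neg / trials


if __name__ == "__main__":
    wm = watermark_distribution(BASE_P, key="owner-secret", strength=1.0)
    kl_h1, kl_h0 = expected_llr_per_token(wm, BASE_P)
    print(f"E[LLR/token | H1] = {kl_h1:.4f} nats, E[LLR/token | H0] = {kl_h0:.4f} nats")
    for n in (20, 100, 500):
        fpr, fnr = error_rates(BASE_P, wm, n, trials=200)
        print(f"n={n:4d} tokens: FPR={fpr:.3f} FNR={fnr:.3f}")
```

Lowering `strength` shrinks the KL divergence and therefore the output-quality cost, but the error rates at a fixed sample length rise accordingly; this is the robustness-versus-quality trade-off the abstract refers to, and the simulation lets you see how many tokens a given strength needs before both error rates become negligible.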
