Timezone: »

CATER: Intellectual Property Protection on Text Generation APIs via Conditional Watermarks
Xuanli He · Qiongkai Xu · Yi Zeng · Lingjuan Lyu · Fangzhao Wu · Jiwei Li · Ruoxi Jia

Wed Nov 30 02:00 PM -- 04:00 PM (PST) @ Hall J #206

Previous works have validated that text generation APIs can be stolen through imitation attacks, causing IP violations. In order to protect the IP of text generation APIs, recent work has introduced a watermarking algorithm and utilized the null-hypothesis test as a post-hoc ownership verification on the imitation models. However, we find that it is possible to detect those watermarks via sufficient statistics of the frequencies of candidate watermarking words. To address this drawback, in this paper, we propose a novel Conditional wATERmarking framework (CATER) for protecting the IP of text generation APIs. An optimization method is proposed to decide the watermarking rules that can minimize the distortion of overall word distributions while maximizing the change of conditional word selections. Theoretically, we prove that it is infeasible for even the savviest attacker (they know how CATER works) to reveal the used watermarks from a large pool of potential word pairs based on statistical inspection. Empirically, we observe that high-order conditions lead to an exponential growth of suspicious (unused) watermarks, making our crafted watermarks more stealthy. In addition, CATER can effectively identify IP infringement under architectural mismatch and cross-domain imitation attacks, with negligible impairments on the generation quality of victim APIs. We envision our work as a milestone for stealthily protecting the IP of text generation APIs.

Author Information

Xuanli He (Monash University)
Qiongkai Xu (University of Melbourne)
Yi Zeng (Virginia Tech)
Yi Zeng

Yi Zeng is a second-year Ph.D. student in Computer Engineering at Virginia Tech. He earned his M.S. in Electronic and Computer Engineering, Machine Learning & Data Science from the University of California, San Diego, and his B.S. in Electronic and Information Engineering from Xidian University. His research interests include trustworthy machine learning, artificial intelligence security, and the reliable data market for machine learning. He has a great passion for bringing more trustworthy and responsible artificial intelligence into reality. He received the best paper award at the International Conference on Algorithms and Architectures for Parallel Processing (ICA3PP), 2020. He currently has over twenty top-tier peer-reviewed journals (e.g., IEEE TII, IEEE TC, IEEE Access, etc.) and conferences (e.g., ICLR, NeurIPS, ICCV, IJCAI, AsiaCCS, etc.) to his name.

Lingjuan Lyu (Sony AI)
Fangzhao Wu
Jiwei Li (Shannon.AI)
Ruoxi Jia (Virginia Tech)

More from the Same Authors