PersonaMark: Personalized LLM watermarking for model protection and user attribution

arXiv - CS - Cryptography and Security Pub Date : 2024-09-15 DOI:arxiv-2409.09739

Yuehan Zhang, Peizhuo Lv, Yinpeng Liu, Yongqiang Ma, Wei Lu, Xiaofeng Wang, Xiaozhong Liu, Jiawei Liu

{"title":"PersonaMark: Personalized LLM watermarking for model protection and user attribution","authors":"Yuehan Zhang, Peizhuo Lv, Yinpeng Liu, Yongqiang Ma, Wei Lu, Xiaofeng Wang, Xiaozhong Liu, Jiawei Liu","doi":"arxiv-2409.09739","DOIUrl":null,"url":null,"abstract":"The rapid development of LLMs brings both convenience and potential threats.\nAs costumed and private LLMs are widely applied, model copyright protection has\nbecome important. Text watermarking is emerging as a promising solution to\nAI-generated text detection and model protection issues. However, current text\nwatermarks have largely ignored the critical need for injecting different\nwatermarks for different users, which could help attribute the watermark to a\nspecific individual. In this paper, we explore the personalized text\nwatermarking scheme for LLM copyright protection and other scenarios, ensuring\naccountability and traceability in content generation. Specifically, we propose\na novel text watermarking method PersonaMark that utilizes sentence structure\nas the hidden medium for the watermark information and optimizes the\nsentence-level generation algorithm to minimize disruption to the model's\nnatural generation process. By employing a personalized hashing function to\ninject unique watermark signals for different users, personalized watermarked\ntext can be obtained. Since our approach performs on sentence level instead of\ntoken probability, the text quality is highly preserved. The injection process\nof unique watermark signals for different users is time-efficient for a large\nnumber of users with the designed multi-user hashing function. As far as we\nknow, we achieved personalized text watermarking for the first time through\nthis. We conduct an extensive evaluation of four different LLMs in terms of\nperplexity, sentiment polarity, alignment, readability, etc. The results\ndemonstrate that our method maintains performance with minimal perturbation to\nthe model's behavior, allows for unbiased insertion of watermark information,\nand exhibits strong watermark recognition capabilities.","PeriodicalId":501332,"journal":{"name":"arXiv - CS - Cryptography and Security","volume":"49 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-09-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"arXiv - CS - Cryptography and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/arxiv-2409.09739","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

The rapid development of LLMs brings both convenience and potential threats. As costumed and private LLMs are widely applied, model copyright protection has become important. Text watermarking is emerging as a promising solution to AI-generated text detection and model protection issues. However, current text watermarks have largely ignored the critical need for injecting different watermarks for different users, which could help attribute the watermark to a specific individual. In this paper, we explore the personalized text watermarking scheme for LLM copyright protection and other scenarios, ensuring accountability and traceability in content generation. Specifically, we propose a novel text watermarking method PersonaMark that utilizes sentence structure as the hidden medium for the watermark information and optimizes the sentence-level generation algorithm to minimize disruption to the model's natural generation process. By employing a personalized hashing function to inject unique watermark signals for different users, personalized watermarked text can be obtained. Since our approach performs on sentence level instead of token probability, the text quality is highly preserved. The injection process of unique watermark signals for different users is time-efficient for a large number of users with the designed multi-user hashing function. As far as we know, we achieved personalized text watermarking for the first time through this. We conduct an extensive evaluation of four different LLMs in terms of perplexity, sentiment polarity, alignment, readability, etc. The results demonstrate that our method maintains performance with minimal perturbation to the model's behavior, allows for unbiased insertion of watermark information, and exhibits strong watermark recognition capabilities.

查看原文本刊更多论文

PersonaMark：用于模型保护和用户归属的个性化 LLM 水印

随着古装和私人葡京娱乐场官方网站的广泛应用，模型版权保护变得尤为重要。文本水印正在成为解决人工智能生成的文本检测和模型保护问题的一种有前途的解决方案。然而，目前的文本水印在很大程度上忽视了为不同用户注入不同水印的关键需求，而这有助于将水印归属于特定个人。在本文中，我们探讨了适用于 LLM 版权保护和其他场景的个性化文本水印方案，以确保内容生成的可问责性和可追溯性。具体来说，我们提出了一种新颖的文本水印方法 PersonaMark，该方法利用句子结构作为水印信息的隐藏媒介，并优化了句子级生成算法，以尽量减少对模型自然生成过程的干扰。通过使用个性化哈希函数为不同用户注入独特的水印信号，可以获得个性化的水印文本。由于我们的方法是在句子层面而非单词概率层面执行的，因此文本质量得到了很好的保护。利用所设计的多用户散列函数，为不同用户注入独特水印信号的过程对于大量用户来说非常省时。据我们所知，我们首次实现了个性化文本水印。我们从复杂度、情感极性、对齐度、可读性等方面对四种不同的 LLM 进行了广泛的评估。结果表明，我们的方法能在对模型行为干扰最小的情况下保持性能，允许无偏见地插入水印信息，并表现出强大的水印识别能力。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

arXiv - CS - Cryptography and Security

自引率

0.00%

发文量