The paper examines the security challenges of deploying proprietary large language models (LLMs) on edge devices, where the model is exposed as a white box and is vulnerable to model stealing (MS) attacks. Existing defense mechanisms fail to provide protection that satisfies four critical properties at once: maintaining protection after the model is physically copied, authorizing model access at the request level, safeguarding against runtime reverse engineering, and achieving high security with negligible runtime overhead.
To address these challenges, the authors propose TransLinkGuard, an approach that deploys a "locked" transformer model on the edge device and an authorization module in a secure environment (e.g., a TEE). The key innovation is a lightweight permutation-based authorization mechanism: only authorized requests can correctly compute the permuted model layers, while an unauthorized request (or a copied model run without the authorization module) produces incorrect outputs. This design provides proactive protection, request-level authorization, runtime security, and high efficiency.
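To make the locking idea concrete, here is an added Python illustration (it is not code from the TransLinkGuard paper, and the exact scheme below is my own simplification, not the paper's construction): one dense layer's weight columns are shuffled with a secret permutation before the model ships to the edge, and the authorization step, standing in for the secure-side module, reorders each request's activation so that the shuffled weights still compute the original product. A request that skips the authorization step runs the same locked weights on the raw activation and gets a wrong result. All weights, inputs and the permutation are constructed from a seeded RNG for the demo.

```python
import random
from typing import Dict, List

Matrix = List[List[float]]
Vector = List[float]


def matvec(W: Matrix, x: Vector) -> Vector:
    """Plain dense layer without bias: y = W @ x."""
    return [sum(w * v for w, v in zip(row, x)) for row in W]


def lock_layer(W: Matrix, perm: List[int]) -> Matrix:
    """Permute the columns of W with a secret permutation.

    W_locked[i][j] = W[i][perm[j]].  This locked matrix is what would be
    deployed on the (untrusted) edge device.
    """
    return [[row[perm[j]] for j in range(len(row))] for row in W]


def authorize_input(x: Vector, perm: List[int]) -> Vector:
    """Secure-side step (the role played by the TEE-hosted module).

    Reorders the activation so that the locked layer reproduces W @ x:
    x_auth[j] = x[perm[j]], hence sum_j W[i][perm[j]] * x[perm[j]] = (W @ x)[i].
    """
    return [x[perm[j]] for j in range(len(x))]


def edge_forward(W_locked: Matrix, x: Vector) -> Vector:
    """What the edge runtime computes with whatever activation it is handed."""
    return matvec(W_locked, x)


def max_abs_diff(a: Vector, b: Vector) -> float:
    return max(abs(u - v) for u, v in zip(a, b))


def demo(seed: int = 7) -> Dict[str, object]:
    """Compare an authorized and an unauthorized request against the locked layer."""
    rng = random.Random(seed)
    d_in, d_out = 8, 4
    # Constructed sample weights and activation (not from the paper).
    W = [[rng.uniform(-1.0, 1.0) for _ in range(d_in)] for _ in range(d_out)]
    x = [rng.uniform(-1.0, 1.0) for _ in range(d_in)]
    perm = list(range(d_in))
    rng.shuffle(perm)  # the secret held only by the authorization module

    W_locked = lock_layer(W, perm)
    y_true = matvec(W, x)                                   # reference (unlocked) output
    y_authorized = edge_forward(W_locked, authorize_input(x, perm))
    y_unauthorized = edge_forward(W_locked, x)              # copied model, no authorization

    return {
        "authorized_err": max_abs_diff(y_true, y_authorized),     # ~0 (float rounding only)
        "unauthorized_err": max_abs_diff(y_true, y_unauthorized), # clearly non-zero
        "perm_is_identity": perm == list(range(d_in)),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the check is that the locked weights alone, even when copied bit-for-bit, do not yield the original function: correctness depends on a per-request transformation that never leaves the secure side, which is what gives request-level authorization its teeth. Because the authorization step is a reordering of an activation vector rather than a decryption of weights, it costs O(d) per layer invocation, which is where the negligible-overhead claim comes from.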
Extensive experiments show that TransLinkGuard outperforms existing partial TEE-shielded execution (PTSE) solutions in terms of security guarantee and efficiency, achieving black-box-level security with negligible overhead. The authors also demonstrate that TransLinkGuard maintains the original model's accuracy without any degradation.
Source: arxiv.org, by Qinfeng Li, Z... (04-18-2024), https://arxiv.org/pdf/2404.11121.pdf