The content discusses the security challenges of deploying proprietary large language models (LLMs) on edge devices, where the models are exposed as white-box and vulnerable to model stealing (MS) attacks. Existing defense mechanisms fail to provide effective protection that satisfies four critical properties: maintaining protection after physical copying, authorizing model access at the request level, safeguarding against runtime reverse engineering, and achieving high security with negligible runtime overhead.
To address these challenges, the authors propose TransLinkGuard, a novel approach that deploys a "locked" transformer model on the edge device and an authorization module in a secure environment (e.g., TEE). The key innovation is a lightweight permutation-based authorization mechanism that allows only authorized requests to correctly compute the permuted model layers. This approach ensures proactive protection, request-level authorization, runtime security, and high efficiency.
Extensive experiments show that TransLinkGuard outperforms existing partial TEE-shielded execution (PTSE) solutions in terms of security guarantee and efficiency, achieving black-box-level security with negligible overhead. The authors also demonstrate that TransLinkGuard maintains the original model's accuracy without any degradation.
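As an added illustration that is not the paper's own code, the following numpy sketch shows the permutation-locking idea on a deliberately simplified two-layer MLP block instead of a transformer layer: the edge device holds only permuted weights, the TEE-side authorization permutes each authorized request's input to match, and a physically copied model run without that step computes the wrong function. The exact layers, permutations and cross-layer linkage TransLinkGuard uses are not stated on this page and are an assumption here.

```python
import numpy as np

# Constructed toy dimensions and random weights; the paper's models are full transformers.
D_IN, D_HID, D_OUT = 8, 16, 4
rng = np.random.default_rng(7)


def secret_permutation(n):
    """A non-identity permutation; in the real system this secret never leaves the TEE."""
    p = rng.permutation(n)
    while np.array_equal(p, np.arange(n)):
        p = rng.permutation(n)
    return p


def forward(x, W1, W2):
    """Two-layer block. ReLU acts element-wise, so it commutes with a permutation of the
    hidden dimension; that is what lets the hidden permutation cancel between layers."""
    return np.maximum(x @ W1, 0.0) @ W2


def lock(W1, W2, p_in, p_hid):
    """Edge-side 'locked' weights: rows of W1 are scrambled by the secret input permutation,
    and the hidden dimension is permuted consistently in W1's columns and W2's rows so that
    it cancels and the final output needs no unscrambling."""
    return W1[p_in, :][:, p_hid], W2[p_hid, :]


def authorize(x, p_in):
    """TEE-side step applied per authorized request: permute the input features so they
    line up with the scrambled rows of the locked W1."""
    return x[:, p_in]


def demo(n_requests=3):
    W1 = rng.standard_normal((D_IN, D_HID))
    W2 = rng.standard_normal((D_HID, D_OUT))
    p_in, p_hid = secret_permutation(D_IN), secret_permutation(D_HID)
    W1_l, W2_l = lock(W1, W2, p_in, p_hid)
    x = rng.standard_normal((n_requests, D_IN))
    reference = forward(x, W1, W2)                         # owner's unlocked model
    authorized = forward(authorize(x, p_in), W1_l, W2_l)   # request routed through the TEE
    stolen = forward(x, W1_l, W2_l)                        # copied weights, no TEE step
    return (np.allclose(reference, authorized),   # True: authorized requests are exact
            np.allclose(reference, stolen),       # False: copied model misbehaves
            np.allclose(W1, W1_l))                # False: copied weights are not W1
```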
by Qinfeng Li, Z... at arxiv.org 04-18-2024
https://arxiv.org/pdf/2404.11121.pdf