ModelLock: Locking Your Model With a Spell

TL;DR

ModelLock introduces a diffusion-based method to lock models by transforming training data with text-guided editing, making models unusable without the correct key prompt, thus protecting intellectual property.

Contribution

This work proposes a novel diffusion-based framework for model locking that leverages text-guided data transformation to secure models against unauthorized use.

Findings

ModelLock effectively locks models without significant performance loss.

Locked models cannot be unlocked without the correct key prompt and diffusion model.

The approach applies to both image classification and segmentation tasks.

Abstract

This paper presents a novel model protection paradigm ModelLock that locks (destroys) the performance of a model on normal clean data so as to make it unusable or unextractable without the right key. Specifically, we proposed a diffusion-based framework dubbed ModelLock that explores text-guided image editing to transform the training data into unique styles or add new objects in the background. A model finetuned on this edited dataset will be locked and can only be unlocked by the key prompt, i.e., the text prompt used to transform the data. We conduct extensive experiments on both image classification and segmentation tasks, and show that 1) ModelLock can effectively lock the finetuned models without significantly reducing the expected performance, and more importantly, 2) the locked model cannot be easily unlocked without knowing both the key prompt and the diffusion model. Our work opens up a new direction for intellectual property protection of private models.