TL;DR
This paper introduces AOW, a novel watermarking method for recommender systems that embeds identifiable sequences into models to protect intellectual property against theft and manipulation.
Contribution
We propose a new autoregressive watermarking technique specifically designed for recommender systems, addressing a gap in existing model protection methods.
Findings
AOW effectively embeds watermarks that are robust against distillation and fine-tuning.
The method allows high-confidence extraction of watermarks from protected models.
Experiments show AOW's superior performance compared to baseline approaches.
Abstract
Recommender systems embody significant commercial value and represent crucial intellectual property. However, the integrity of these systems is constantly challenged by malicious actors seeking to steal their underlying models. Safeguarding against such threats is paramount to upholding the rights and interests of the model owner. While model watermarking has emerged as a potent defense mechanism in various domains, its direct application to recommender systems remains unexplored and non-trivial. In this paper, we address this gap by introducing Autoregressive Out-of-distribution Watermarking (AOW), a novel technique tailored specifically for recommender systems. Our approach entails selecting an initial item and querying it through the oracle model, followed by the selection of subsequent items with small prediction scores. This iterative process generates a watermark sequence…
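The sequence-generation step the abstract describes, as an added sketch that is not the paper's code: start from one item, query the oracle with the sequence so far, and append an item the oracle scores low. `toy_oracle`, the catalogue size, `bottom_k` and the seeded choice among the lowest-scored items are assumptions made here; a hash-based scorer stands in for a real recommender.

```python
import hashlib
import random

NUM_ITEMS = 200  # constructed toy catalogue size


def toy_oracle(history):
    """Hypothetical stand-in for the oracle recommender: returns one
    next-item score per catalogue item, deterministically derived from
    the interaction history (a real model would be queried here)."""
    key = ",".join(map(str, history)).encode()
    scores = []
    for item in range(NUM_ITEMS):
        digest = hashlib.sha256(key + b"|" + str(item).encode()).digest()
        scores.append(int.from_bytes(digest[:8], "big") / 2**64)
    return scores


def generate_watermark(oracle, first_item, length, bottom_k=5, seed=0):
    """Build the sequence autoregressively: query the oracle with the
    sequence so far, then append an unused item from the bottom_k
    lowest-scored ones. Picking among bottom_k with a seeded RNG is an
    assumption of this sketch; the abstract only says "small scores"."""
    rng = random.Random(seed)
    seq = [first_item]
    while len(seq) < length:
        scores = oracle(seq)
        unused = [i for i in range(len(scores)) if i not in seq]
        candidates = sorted(unused, key=scores.__getitem__)[:bottom_k]
        seq.append(rng.choice(candidates))
    return seq


def mean_score_percentile(oracle, seq):
    """Average fraction of the catalogue the oracle scores below each
    watermark item given its prefix; near 0 means out-of-distribution."""
    fractions = []
    for pos in range(1, len(seq)):
        scores = oracle(seq[:pos])
        below = sum(s < scores[seq[pos]] for s in scores)
        fractions.append(below / len(scores))
    return sum(fractions) / len(fractions)


if __name__ == "__main__":
    wm = generate_watermark(toy_oracle, first_item=17, length=8)
    print(wm, round(mean_score_percentile(toy_oracle, wm), 3))
```

Because every step conditions on the items already chosen, the same first item and seed reproduce the same sequence, while an ordinary user history would rarely follow a path of consistently low-scored items.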
