TL;DR
CoreGuard is a novel, efficient protection protocol designed to safeguard proprietary large language models deployed on edge devices from model stealing and fine-tuning attacks, with minimal overhead.
Contribution
It introduces CoreGuard, a computation- and communication-efficient method that provides strong security for edge-deployed LLMs against model extraction and misuse.
Findings
CoreGuard achieves near-maximum security against model extraction and fine-tuning attacks on edge-deployed LLMs.
It incurs negligible computational and communication overhead, in contrast to existing defenses whose cost makes them impractical at the edge.
Extensive experiments validate both its effectiveness and its efficiency.
Abstract
Proprietary large language models (LLMs) exhibit strong generalization capabilities across diverse tasks and are increasingly deployed on edge devices for efficiency and privacy reasons. However, deploying proprietary LLMs at the edge without adequate protection introduces critical security threats. Attackers can extract model weights and architectures, enabling unauthorized copying and misuse. Even when protective measures prevent full extraction of model weights, attackers may still perform advanced attacks, such as fine-tuning, to further exploit the model. Existing defenses against these threats typically incur significant computational and communication overhead, making them impractical for edge deployment. To safeguard the edge-deployed LLMs, we introduce CoreGuard, a computation- and communication-efficient protection method. CoreGuard employs an efficient protection protocol to…