Towards Generalized and Stealthy Watermarking for Generative Code Models

TL;DR

This paper introduces CodeGuard, a novel watermarking technique for generative code models that enhances verification reliability and stealthiness, effectively protecting intellectual property without degrading model performance.

Contribution

CodeGuard combines attention mechanisms with distributed trigger embedding and homomorphic character replacement to improve generalization, stealthiness, and robustness of backdoor watermarks in GCMs.

Findings

Achieves up to 100% verification accuracy across tasks

Maintains primary task performance without degradation

Exhibits a detection rate of only 0.078 against ONION methods

Abstract

Generative code models (GCMs) significantly enhance development efficiency through automated code generation and code summarization. However, building and training these models require computational resources and time, necessitating effective digital copyright protection to prevent unauthorized leaks and misuse. Backdoor watermarking, by embedding hidden identifiers, simplifies copyright verification by breaking the model's black-box nature. Current backdoor watermarking techniques face two main challenges: first, limited generalization across different tasks and datasets, causing fluctuating verification rates; second, insufficient stealthiness, as watermarks are easily detected and removed by automated methods. To address these issues, we propose CodeGuard, a novel watermarking method combining attention mechanisms with distributed trigger embedding strategies. Specifically, CodeGuard employs attention mechanisms to identify watermark embedding positions, ensuring verifiability. Moreover, by using homomorphic character replacement, it avoids manual detection, while distributed trigger embedding reduces the likelihood of automated detection. Experimental results demonstrate that CodeGuard achieves up to 100% watermark verification rates in both code summarization and code generation tasks, with no impact on the primary task performance. In terms of stealthiness, CodeGuard performs exceptionally, with a maximum detection rate of only 0.078 against ONION detection methods, significantly lower than baseline methods.