Computing systems based on the emerging device resistive random-access memory (RRAM) have received a lot of attention due to its capability of performing matrix-vector-multiplications operations in memory. However, the security of the RRAM computing system has not been paid enough attention. An attacker can gain access to the neural network models stored in the RRAM computing system by illegally accessing an unauthorized RRAM computing system and then carrying on a black-box attack. The goal of this study is to thwart such attacks. The defense method proposed in this study is based on benign Trojan, which means that when the RRAM computing system is not authorized, the Trojan in the system are extremely easy to be activated, which in turn affects the prediction accuracy of the system's output, thus ensuring that the system is not able to operate normally; when the RRAM computing system is authorized, the Trojan in the system are extremely difficult to be activated accidently, thus enabling the system to operate normally. It is shown experimentally that the method enables the output prediction accuracy of an unauthorized RRAM computing system to be reduced to less than 15%, with a hardware overhead of less than 4.5% of the RRAM devices in the system.