Hey, That's My Model! Introducing Chain & Hash, An LLM Fingerprinting Technique

• URL: http://arxiv.org/abs/2407.10887v2
• Date: Wed, 17 Jul 2024 07:39:41 GMT
• Title: Hey, That's My Model! Introducing Chain & Hash, An LLM Fingerprinting Technique
• Authors: Mark Russinovich, Ahmed Salem,
• Abstract summary: Chain & Hash is a new, simple fingerprinting approach that implements a fingerprint with a cryptographic flavor. We evaluate the Chain & Hash technique on multiple models and demonstrate its robustness against benign transformations.
• Score: 2.7174461714624805
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Amid growing concerns over the ease of theft and misuse of Large Language Models (LLMs), the need for fingerprinting models has increased. Fingerprinting, in this context, means that the model owner can link a given model to their original version, thereby identifying if their model is being misused or has been completely stolen. In this paper, we first define a set five properties a successful fingerprint should satisfy; namely, the fingerprint should be Transparent, Efficient, Persistent, Robust, and Unforgeable. Next, we propose Chain & Hash, a new, simple fingerprinting approach that implements a fingerprint with a cryptographic flavor, achieving all these properties. Chain & Hash involves generating a set of questions (the fingerprints) along with a set of potential answers. These elements are hashed together using a secure hashing technique to select the value for each question, hence providing an unforgeability property-preventing adversaries from claiming false ownership. We evaluate the Chain & Hash technique on multiple models and demonstrate its robustness against benign transformations, such as fine-tuning on different datasets, and adversarial attempts to erase the fingerprint. Finally, our experiments demonstrate the efficiency of implementing Chain & Hash and its utility, where fingerprinted models achieve almost the same performance as non-fingerprinted ones across different benchmarks.

Related papers

• Scalable Fingerprinting of Large Language Models [46.26999419117367]
  We introduce a new method, dubbed Perinucleus sampling, to generate scalable, persistent, and harmless fingerprints. We demonstrate that this scheme can add 24,576 fingerprints to a Llama-3.1-8B model without degrading the model's utility.
  arXiv  Detail & Related papers  (2025-02-11T18:43:07Z)
• Sample Correlation for Fingerprinting Deep Face Recognition [83.53005932513156]
  We propose a novel model stealing detection method based on SA Corremplelation (SAC) SAC successfully defends against various model stealing attacks in deep face recognition, encompassing face verification and face emotion recognition, exhibiting the highest performance in terms of AUC, p-value and F1 score. We extend our evaluation of SAC-JC to object recognition including Tiny-ImageNet and CIFAR10, which also demonstrates the superior performance of SAC-JC to previous methods.
  arXiv  Detail & Related papers  (2024-12-30T07:37:06Z)
• Comparative analysis of segmentation and generative models for fingerprint retrieval task [0.0]
  Fingerprints deteriorate in quality if the fingers are dirty, wet, injured or when sensors malfunction. This paper proposes a deep learning approach to address these issues using Generative (GAN) and models. In our research, the u-net model performed better than the GAN networks.
  arXiv  Detail & Related papers  (2022-09-13T17:21:14Z)
• Hierarchical Perceptual Noise Injection for Social Media Fingerprint Privacy Protection [106.5308793283895]
  fingerprint leakage from social media raises a strong desire for anonymizing shared images. To guard the fingerprint leakage, adversarial attack emerges as a solution by adding imperceptible perturbations on images. We propose FingerSafe, a hierarchical perceptual protective noise injection framework to address the mentioned problems.
  arXiv  Detail & Related papers  (2022-08-23T02:20:46Z)
• Pair-Relationship Modeling for Latent Fingerprint Recognition [25.435974669629374]
  We propose a new scheme that can model the pair-relationship of two fingerprints directly as the similarity feature for recognition. Experimental results on two databases show that the proposed method outperforms the state of the art.
  arXiv  Detail & Related papers  (2022-07-02T11:31:31Z)
• FingerGAN: A Constrained Fingerprint Generation Scheme for Latent Fingerprint Enhancement [23.67808389519383]
  We propose a new method that formulates the latent fingerprint enhancement as a constrained fingerprint generation problem. Experimental results on two public latent fingerprint databases demonstrate that our method outperforms the state of the arts significantly.
  arXiv  Detail & Related papers  (2022-06-26T14:05:21Z)
• SpoofGAN: Synthetic Fingerprint Spoof Images [47.87570819350573]
  A major limitation to advances in fingerprint spoof detection is the lack of publicly available, large-scale fingerprint spoof datasets. This work aims to demonstrate the utility of synthetic (both live and spoof) fingerprints in supplying these algorithms with sufficient data.
  arXiv  Detail & Related papers  (2022-04-13T16:27:27Z)
• Synthesis and Reconstruction of Fingerprints using Generative Adversarial Networks [6.700873164609009]
  We propose a novel fingerprint synthesis and reconstruction framework based on the StyleGan2 architecture. We also derive a computational approach to modify the attributes of the generated fingerprint while preserving their identity. The proposed framework was experimentally shown to outperform contemporary state-of-the-art approaches for both fingerprint synthesis and reconstruction.
  arXiv  Detail & Related papers  (2022-01-17T00:18:00Z)
• Responsible Disclosure of Generative Models Using Scalable Fingerprinting [70.81987741132451]
  Deep generative models have achieved a qualitatively new level of performance. There are concerns on how this technology can be misused to spoof sensors, generate deep fakes, and enable misinformation at scale. Our work enables a responsible disclosure of such state-of-the-art generative models, that allows researchers and companies to fingerprint their models.
  arXiv  Detail & Related papers  (2020-12-16T03:51:54Z)
• Latent Fingerprint Registration via Matching Densely Sampled Points [100.53031290339483]
  Existing latent fingerprint registration approaches are mainly based on establishing correspondences between minutiae. We propose a non-minutia latent fingerprint registration method which estimates the spatial transformation between a pair of fingerprints. The proposed method achieves the state-of-the-art registration performance, especially under challenging conditions.
  arXiv  Detail & Related papers  (2020-05-12T15:51:59Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.