Related papers: Hey, That's My Model! Introducing Chain & Hash, An LLM Fingerprinting Technique

Hey, That's My Model! Introducing Chain & Hash, An LLM Fingerprinting Technique

URL: http://arxiv.org/abs/2407.10887v3
Date: Thu, 12 Jun 2025 10:44:01 GMT
Title: Hey, That's My Model! Introducing Chain & Hash, An LLM Fingerprinting Technique
Authors: Mark Russinovich, Ahmed Salem,
Abstract summary: Growing concerns over the theft and misuse of Large Language Models (LLMs) have heightened the need for effective fingerprinting.<n>We define five key properties for a successful fingerprint: Transparency, Efficiency, Persistence, Robustness, and Unforgeability.<n>We introduce a novel fingerprinting framework that provides verifiable proof of ownership while maintaining fingerprint integrity.
Score: 2.7174461714624805
License: http://creativecommons.org/licenses/by/4.0/
Abstract: Growing concerns over the theft and misuse of Large Language Models (LLMs) have heightened the need for effective fingerprinting, which links a model to its original version to detect misuse. In this paper, we define five key properties for a successful fingerprint: Transparency, Efficiency, Persistence, Robustness, and Unforgeability. We introduce a novel fingerprinting framework that provides verifiable proof of ownership while maintaining fingerprint integrity. Our approach makes two main contributions. First, we propose a Chain and Hash technique that cryptographically binds fingerprint prompts with their responses, ensuring no adversary can generate colliding fingerprints and allowing model owners to irrefutably demonstrate their creation. Second, we address a realistic threat model in which instruction-tuned models' output distribution can be significantly altered through meta-prompts. By integrating random padding and varied meta-prompt configurations during training, our method preserves fingerprint robustness even when the model's output style is significantly modified. Experimental results demonstrate that our framework offers strong security for proving ownership and remains resilient against benign transformations like fine-tuning, as well as adversarial attempts to erase fingerprints. Finally, we also demonstrate its applicability to fingerprinting LoRA adapters.

Related papers

ImF: Implicit Fingerprint for Large Language Models [0.0]
We propose a novel injected fingerprint paradigm called Implicit Fingerprints (ImF) ImF constructs fingerprint pairs with strong semantic correlations, disguising them as natural question-answer pairs within large language models (LLMs) Our experiment on multiple LLMs demonstrates that ImF retains high verification success rates under adversarial conditions.
arXiv Detail & Related papers (2025-03-25T05:47:34Z)
Privacy-Preserving Biometric Verification with Handwritten Random Digit String [49.77172854374479]
Handwriting verification has stood as a steadfast identity authentication method for decades.<n>However, this technique risks potential privacy breaches due to the inclusion of personal information in handwritten biometrics such as signatures.<n>We propose using the Random Digit String (RDS) for privacy-preserving handwriting verification.
arXiv Detail & Related papers (2025-03-17T03:47:25Z)
Scalable Fingerprinting of Large Language Models [46.26999419117367]
We introduce a new method, dubbed Perinucleus sampling, to generate scalable, persistent, and harmless fingerprints. We demonstrate that this scheme can add 24,576 fingerprints to a Llama-3.1-8B model without degrading the model's utility.
arXiv Detail & Related papers (2025-02-11T18:43:07Z)
FIT-Print: Towards False-claim-resistant Model Ownership Verification via Targeted Fingerprint [29.015707553430442]
We propose a targeted fingerprinting paradigm (i.e., FIT-Print) to counteract false claim attacks.<n>Specifically, FIT-Print transforms the fingerprint into a targeted signature via optimization.<n>Building on the principles of FIT-Print, we develop bit-wise and list-wise black-box model fingerprinting methods.
arXiv Detail & Related papers (2025-01-26T13:00:58Z)
Sample Correlation for Fingerprinting Deep Face Recognition [83.53005932513156]
We propose a novel model stealing detection method based on SA Corremplelation (SAC) SAC successfully defends against various model stealing attacks in deep face recognition, encompassing face verification and face emotion recognition, exhibiting the highest performance in terms of AUC, p-value and F1 score. We extend our evaluation of SAC-JC to object recognition including Tiny-ImageNet and CIFAR10, which also demonstrates the superior performance of SAC-JC to previous methods.
arXiv Detail & Related papers (2024-12-30T07:37:06Z)
Instructional Fingerprinting of Large Language Models [57.72356846657551]
We present a pilot study on fingerprinting Large language models (LLMs) as a form of very lightweight instruction tuning. Results on 11 popularly-used LLMs showed that this approach is lightweight and does not affect the normal behavior of the model. It also prevents publisher overclaim, maintains robustness against fingerprint guessing and parameter-efficient training, and supports multi-stage fingerprinting akin to MIT License.
arXiv Detail & Related papers (2024-01-21T09:51:45Z)
Comparative analysis of segmentation and generative models for fingerprint retrieval task [0.0]
Fingerprints deteriorate in quality if the fingers are dirty, wet, injured or when sensors malfunction. This paper proposes a deep learning approach to address these issues using Generative (GAN) and models. In our research, the u-net model performed better than the GAN networks.
arXiv Detail & Related papers (2022-09-13T17:21:14Z)
Hierarchical Perceptual Noise Injection for Social Media Fingerprint Privacy Protection [106.5308793283895]
fingerprint leakage from social media raises a strong desire for anonymizing shared images. To guard the fingerprint leakage, adversarial attack emerges as a solution by adding imperceptible perturbations on images. We propose FingerSafe, a hierarchical perceptual protective noise injection framework to address the mentioned problems.
arXiv Detail & Related papers (2022-08-23T02:20:46Z)
FBI: Fingerprinting models with Benign Inputs [17.323638042215013]
This paper tackles the challenges to propose i) fingerprinting schemes that are resilient to significant modifications of the models, by generalizing to the notion of model families and their variants. We achieve both goals by demonstrating that benign inputs, that are unmodified images, are sufficient material for both tasks. Both approaches are experimentally validated over an unprecedented set of more than 1,000 networks.
arXiv Detail & Related papers (2022-08-05T13:55:36Z)
Pair-Relationship Modeling for Latent Fingerprint Recognition [25.435974669629374]
We propose a new scheme that can model the pair-relationship of two fingerprints directly as the similarity feature for recognition. Experimental results on two databases show that the proposed method outperforms the state of the art.
arXiv Detail & Related papers (2022-07-02T11:31:31Z)
FingerGAN: A Constrained Fingerprint Generation Scheme for Latent Fingerprint Enhancement [23.67808389519383]
We propose a new method that formulates the latent fingerprint enhancement as a constrained fingerprint generation problem. Experimental results on two public latent fingerprint databases demonstrate that our method outperforms the state of the arts significantly.
arXiv Detail & Related papers (2022-06-26T14:05:21Z)
SpoofGAN: Synthetic Fingerprint Spoof Images [47.87570819350573]
A major limitation to advances in fingerprint spoof detection is the lack of publicly available, large-scale fingerprint spoof datasets. This work aims to demonstrate the utility of synthetic (both live and spoof) fingerprints in supplying these algorithms with sufficient data.
arXiv Detail & Related papers (2022-04-13T16:27:27Z)
Synthesis and Reconstruction of Fingerprints using Generative Adversarial Networks [6.700873164609009]
We propose a novel fingerprint synthesis and reconstruction framework based on the StyleGan2 architecture. We also derive a computational approach to modify the attributes of the generated fingerprint while preserving their identity. The proposed framework was experimentally shown to outperform contemporary state-of-the-art approaches for both fingerprint synthesis and reconstruction.
arXiv Detail & Related papers (2022-01-17T00:18:00Z)
Responsible Disclosure of Generative Models Using Scalable Fingerprinting [70.81987741132451]
Deep generative models have achieved a qualitatively new level of performance. There are concerns on how this technology can be misused to spoof sensors, generate deep fakes, and enable misinformation at scale. Our work enables a responsible disclosure of such state-of-the-art generative models, that allows researchers and companies to fingerprint their models.
arXiv Detail & Related papers (2020-12-16T03:51:54Z)
Artificial Fingerprinting for Generative Models: Rooting Deepfake Attribution in Training Data [64.65952078807086]
Photorealistic image generation has reached a new level of quality due to the breakthroughs of generative adversarial networks (GANs) Yet, the dark side of such deepfakes, the malicious use of generated media, raises concerns about visual misinformation. We seek a proactive and sustainable solution on deepfake detection by introducing artificial fingerprints into the models.
arXiv Detail & Related papers (2020-07-16T16:49:55Z)
Latent Fingerprint Registration via Matching Densely Sampled Points [100.53031290339483]
Existing latent fingerprint registration approaches are mainly based on establishing correspondences between minutiae. We propose a non-minutia latent fingerprint registration method which estimates the spatial transformation between a pair of fingerprints. The proposed method achieves the state-of-the-art registration performance, especially under challenging conditions.
arXiv Detail & Related papers (2020-05-12T15:51:59Z)

This list is automatically generated from the titles and abstracts of the papers in this site.