FIT-Print: Towards False-claim-resistant Model Ownership Verification via Targeted Fingerprint

• URL: http://arxiv.org/abs/2501.15509v1
• Date: Sun, 26 Jan 2025 13:00:58 GMT
• Title: FIT-Print: Towards False-claim-resistant Model Ownership Verification via Targeted Fingerprint
• Authors: Shuo Shao, Haozhe Zhu, Hongwei Yao, Yiming Li, Tianwei Zhang, Zhan Qin, Kui Ren,
• Abstract summary: Model fingerprinting is a widely adopted approach to safeguard the intellectual property rights of open-source models.<n>In this paper, we reveal that they are vulnerable to false claim attacks where adversaries falsely assert ownership of any third-party model.<n>Motivated by these findings, we propose a targeted fingerprinting paradigm (i.e., FIT-Print) to counteract false claim attacks.
• Score: 29.015707553430442
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Model fingerprinting is a widely adopted approach to safeguard the intellectual property rights of open-source models by preventing their unauthorized reuse. It is promising and convenient since it does not necessitate modifying the protected model. In this paper, we revisit existing fingerprinting methods and reveal that they are vulnerable to false claim attacks where adversaries falsely assert ownership of any third-party model. We demonstrate that this vulnerability mostly stems from their untargeted nature, where they generally compare the outputs of given samples on different models instead of the similarities to specific references. Motivated by these findings, we propose a targeted fingerprinting paradigm (i.e., FIT-Print) to counteract false claim attacks. Specifically, FIT-Print transforms the fingerprint into a targeted signature via optimization. Building on the principles of FIT-Print, we develop bit-wise and list-wise black-box model fingerprinting methods, i.e., FIT-ModelDiff and FIT-LIME, which exploit the distance between model outputs and the feature attribution of specific samples as the fingerprint, respectively. Extensive experiments on benchmark models and datasets verify the effectiveness, conferrability, and resistance to false claim attacks of our FIT-Print.

Related papers

• ImF: Implicit Fingerprint for Large Language Models [0.0]
  We propose a novel injected fingerprint paradigm called Implicit Fingerprints (ImF) ImF constructs fingerprint pairs with strong semantic correlations, disguising them as natural question-answer pairs within large language models (LLMs) Our experiment on multiple LLMs demonstrates that ImF retains high verification success rates under adversarial conditions.
  arXiv  Detail & Related papers  (2025-03-25T05:47:34Z)
• Privacy-Preserving Biometric Verification with Handwritten Random Digit String [49.77172854374479]
  Handwriting verification has stood as a steadfast identity authentication method for decades. However, this technique risks potential privacy breaches due to the inclusion of personal information in handwritten biometrics such as signatures. We propose using the Random Digit String (RDS) for privacy-preserving handwriting verification.
  arXiv  Detail & Related papers  (2025-03-17T03:47:25Z)
• Adversarial Example Based Fingerprinting for Robust Copyright Protection in Split Learning [17.08424946015621]
  We propose the first copyright protection scheme for Split Learning model, leveraging fingerprint to ensure effective and robust copyright protection. This is demonstrated by a remarkable fingerprint verification success rate (FVSR) of 100% on MNIST, 98% on CIFAR-10, and 100% on ImageNet.
  arXiv  Detail & Related papers  (2025-03-05T06:07:16Z)
• Scalable Fingerprinting of Large Language Models [46.26999419117367]
  We introduce a new method, dubbed Perinucleus sampling, to generate scalable, persistent, and harmless fingerprints. We demonstrate that this scheme can add 24,576 fingerprints to a Llama-3.1-8B model without degrading the model's utility.
  arXiv  Detail & Related papers  (2025-02-11T18:43:07Z)
• Sample Correlation for Fingerprinting Deep Face Recognition [83.53005932513156]
  We propose a novel model stealing detection method based on SA Corremplelation (SAC)<n>SAC successfully defends against various model stealing attacks in deep face recognition, encompassing face verification and face emotion recognition, exhibiting the highest performance in terms of AUC, p-value and F1 score.<n>We extend our evaluation of SAC-JC to object recognition including Tiny-ImageNet and CIFAR10, which also demonstrates the superior performance of SAC-JC to previous methods.
  arXiv  Detail & Related papers  (2024-12-30T07:37:06Z)
• MergePrint: Robust Fingerprinting against Merging Large Language Models [1.9249287163937978]
  We propose a novel fingerprinting method MergePrint that embeds robust fingerprints designed to preserve ownership claims even after model merging. By optimizing against a pseudo-merged model, MergePrint generates fingerprints that remain detectable after merging. This approach provides a practical fingerprinting strategy for asserting ownership in cases of misappropriation through model merging.
  arXiv  Detail & Related papers  (2024-10-11T08:00:49Z)
• Instructional Fingerprinting of Large Language Models [57.72356846657551]
  We present a pilot study on fingerprinting Large language models (LLMs) as a form of very lightweight instruction tuning. Results on 11 popularly-used LLMs showed that this approach is lightweight and does not affect the normal behavior of the model. It also prevents publisher overclaim, maintains robustness against fingerprint guessing and parameter-efficient training, and supports multi-stage fingerprinting akin to MIT License.
  arXiv  Detail & Related papers  (2024-01-21T09:51:45Z)
• VeriDIP: Verifying Ownership of Deep Neural Networks through Privacy Leakage Fingerprints [16.564206424838485]
  Deploying Machine Learning as a Service gives rise to model plagiarism, leading to copyright infringement. We propose a novel ownership testing method called VeriDIP, which verifies a model's intellectual property.
  arXiv  Detail & Related papers  (2023-09-07T01:58:12Z)
• WOUAF: Weight Modulation for User Attribution and Fingerprinting in Text-to-Image Diffusion Models [32.29120988096214]
  This paper introduces a novel approach to model fingerprinting that assigns responsibility for the generated images. Our method modifies generative models based on each user's unique digital fingerprint, imprinting a unique identifier onto the resultant content that can be traced back to the user.
  arXiv  Detail & Related papers  (2023-06-07T19:44:14Z)
• On the Robustness of Dataset Inference [21.321310557323383]
  Machine learning (ML) models are costly to train as they can require a significant amount of data, computational resources and technical expertise. Ownership verification techniques allow the victims of model stealing attacks to demonstrate that a suspect model was in fact stolen from theirs. A fingerprinting technique, dataset inference (DI), has been shown to offer better robustness and efficiency than prior methods.
  arXiv  Detail & Related papers  (2022-10-24T22:17:55Z)
• Are You Stealing My Model? Sample Correlation for Fingerprinting Deep Neural Networks [86.55317144826179]
  Previous methods always leverage the transferable adversarial examples as the model fingerprint. We propose a novel yet simple model stealing detection method based on SAmple Correlation (SAC) SAC successfully defends against various model stealing attacks, even including adversarial training or transfer learning.
  arXiv  Detail & Related papers  (2022-10-21T02:07:50Z)
• FedIPR: Ownership Verification for Federated Deep Neural Network Models [31.459374163080994]
  Federated learning models must be protected against plagiarism since these models are built upon valuable training data owned by multiple institutions or people. This paper illustrates a novel federated deep neural network (FedDNN) ownership verification scheme that allows ownership signatures to be embedded and verified to claim legitimate intellectual property rights (IPR) of FedDNN models.
  arXiv  Detail & Related papers  (2021-09-27T12:51:24Z)
• Fingerprinting Image-to-Image Generative Adversarial Networks [53.02510603622128]
  Generative Adversarial Networks (GANs) have been widely used in various application scenarios. This paper presents a novel fingerprinting scheme for the Intellectual Property protection of image-to-image GANs based on a trusted third party.
  arXiv  Detail & Related papers  (2021-06-19T06:25:10Z)
• Responsible Disclosure of Generative Models Using Scalable Fingerprinting [70.81987741132451]
  Deep generative models have achieved a qualitatively new level of performance. There are concerns on how this technology can be misused to spoof sensors, generate deep fakes, and enable misinformation at scale. Our work enables a responsible disclosure of such state-of-the-art generative models, that allows researchers and companies to fingerprint their models.
  arXiv  Detail & Related papers  (2020-12-16T03:51:54Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.