MEraser: An Effective Fingerprint Erasure Approach for Large Language Models (2025.acl-long)
Copied to clipboard
| Challenge: | Large Language Models (LLMs) have raised critical concerns about model ownership and intellectual property protection. |
| Approach: | They propose a method for effectively removing backdoor-based fingerprints from LLMs . they propose deleting backdoor fingerprints using a transferable erasure mechanism . |
| Outcome: | The proposed method removes backdoor-based fingerprints while maintaining model performance. |
Similar Papers
Inhibitory Attacks on Backdoor-based Fingerprinting for Large Language Models (2026.acl-long)
Copied to clipboard
| Challenge: | Backdoor-based LLM fingerprinting is a promising solution for intellectual property protection . however, the vulnerability of existing LLMs for the ensemble scenario is unexplored . |
| Approach: | They propose two new fingerprinting attack methods to assess the robustness of LLM fingerprinting by token filter attack and sentence verification attack. |
| Outcome: | The proposed methods inhibit the fingerprint response while maintaining ensemble performance. |
Instructional Fingerprinting of Large Language Models (2024.naacl-long)
Copied to clipboard
| Challenge: | Large language models (LLMs) require considerable cost to train from scratch . fingerprinting is essential to protect intellectual property and to ensure downstream users and developers adhere to their license terms. |
| Approach: | They propose a method for fingerprinting Large language models that implants a private key into the model to generate specific text when the key is present. |
| Outcome: | The proposed method prevents publisher overclaim and maintains robustness against fingerprint guessing and parameter-efficient training. |
ImF: Embedding an Implicit Fingerprint in Your Large Language Models (2026.acl-long)
Copied to clipboard
| Challenge: | Training and serving large language models (LLMs) is resource-intensive, making reliable intellectual property protection and black-box ownership verification increasingly important. |
| Approach: | They propose a method to inject a small set of secret query–response behaviors into model fingerprinting . they encode ownership information into a natural-looking target response and derive a semantically aligned query . |
| Outcome: | The proposed fingerprints improve stealthiness and remain verifiable under model updates and deployment-time prompt interventions. |
MergePrint: Merge-Resistant Fingerprints for Robust Black-box Ownership Verification of Large Language Models (2025.acl-long)
Copied to clipboard
| Challenge: | Model merging introduces a novel risk of unauthorized use of large language models due to the high cost of training. |
| Approach: | They propose a model merging method that embeds robust fingerprints into models . they aim to protect LLMs from misappropriation via model merg and model theft . |
| Outcome: | The proposed method enables black-box ownership verification without accessing model weights or intermediate outputs. |
ESF: Efficient Sensitive Fingerprinting for Black-Box Tamper Detection of Large Language Models (2025.findings-acl)
Copied to clipboard
| Challenge: | Large language models (LLMs) are increasingly utilized in diverse applications, including code generation, legal document analysis, medical diagnosis, and decision-making. |
| Approach: | They propose a fingerprinting method tailored for black-box tamper detection of large language models. |
| Outcome: | The proposed method detects tampering with a 99.2% detection rate using 5 fingerprint samples across state-of-the-art LLMs. |
Fingerprinting LLMs via Prompt Injection (2026.acl-long)
Copied to clipboard
Yuepeng Hu, Zhengyuan Jiang, Mengyuan Li, Osama Ahmed, Zhicong Huang, Cheng Hong, Neil Zhenqiang Gong
| Challenge: | Existing provenance detection methods for large language models are infeasible for already published models and compare outputs using hand-crafted or random prompts. |
| Approach: | They propose a detection framework that constructs fingerprints by exploiting LLMs’ inherent vulnerability to prompt injection. |
| Outcome: | The proposed framework achieves high true positive rates while keeping false positive rates near zero. |
Unlocking the Effectiveness of LoRA-FP for Seamless Transfer Implantation of Fingerprints in Downstream Models (2025.findings-emnlp)
Copied to clipboard
| Challenge: | lightweight plug-and-play framework that encodes backdoor fingerprints into LoRA adapters . |
| Approach: | proposed framework encodes backdoor fingerprints into LoRA adapters via constrained fine-tuning . enables seamless fingerprint transplantation through parameter fusion, eliminating full-parameter updates while maintaining integrity. |
| Outcome: | The proposed framework achieves superior robustness against various scenarios while reducing computational overhead compared to traditional approaches. |
CTCC: A Robust and Stealthy Fingerprinting Framework for Large Language Models via Cross-Turn Contextual Correlation Backdoor (2025.emnlp-main)
Copied to clipboard
| Challenge: | Existing methods for fingerprinting model ownership traces are vulnerable to illegal plagiarism and are not reliable. |
| Approach: | They propose a rule-driven fingerprinting framework that encodes contextual correlations across multiple dialogue turns. |
| Outcome: | The proposed framework achieves stronger stealth and robustness than previous work. |
RESF: Regularized-Entropy-Sensitive Fingerprinting for Black-Box Tamper Detection of Large Language Models (2025.emnlp-main)
Copied to clipboard
| Challenge: | Existing methods for tamper detection rely on model stability, not inherently stochastic models. |
| Approach: | They propose a hypothesis-testing method for black-box tamper detection for LLMs . they propose regularized entropy-sensitive fingerprinting to enable efficient fingerprinting . |
| Outcome: | The proposed method achieves 98.80% detection accuracy under challenging conditions . it is based on a first-order surrogate for KL divergence to identify prompts most responsive to parameter perturbations. |
LLMs are Privacy Erasable (2025.findings-emnlp)
Copied to clipboard
| Challenge: | a new study examines the privacy of large language models and their capabilities . the study aims to address the balance between the convenience of LLMs and user privacy concerns . |
| Approach: | They propose a strategy that safeguards user prompt while accessing LLM cloud services . they evaluate the efficacy of their method across prominent LLM benchmarks . |
| Outcome: | The proposed method thwarts reconstruction attacks and improves model performance . it also surpasses the results reported in official model cards . |