PREE: Towards Harmless and Adaptive Fingerprint Editing in Large Language Models via Knowledge Prefix Enhancement

Addressing the intellectual property protection challenges in commercial deployment of large language models (LLMs), existing black-box fingerprinting techniques face dual challenges from incremental fine-tuning erasure and feature-space defense due to their reliance on overfitting high-perplexity trigger patterns. Recent work has revealed that model editing in the fingerprinting domain offers distinct advantages, including significantly lower false positive rates, enhanced harmlessness, and superior robustness. Building on this foundation, this paper innovatively proposes a $\textbf{Pr}$efix-$\textbf{e}$nhanced Fingerprint $\textbf{E}$diting Framework (PREE), which encodes copyright information into parameter offsets through dual-channel knowledge edit to achieve covert embedding of fingerprint features. Experimental results demonstrate that the proposed solution achieves the 90\% trigger precision in mainstream architectures including LLaMA-3 and Qwen-2.5. The minimal parameter offset (change rate < 0.03) effectively preserves original knowledge representation while demonstrating strong robustness against incremental fine-tuning and multi-dimensional defense strategies, maintaining zero false positive rate throughout evaluations.

Key Contributions

• Stealthy backdoor knowledge construction algorithm using virtual scenario prefixes with dynamic prefix selection to ensure semantic coherence of injected fingerprint knowledge
• Dual-channel knowledge editing algorithm that establishes constraints for both old and new knowledge, ensuring fingerprint embedding does not degrade original model performance
• Demonstrated robustness against incremental fine-tuning erasure, gradient masking defenses, and model pruning with zero false positive rate on LLaMA-3 and Qwen-2.5

🛡️ Threat Analysis

Details

Similar Papers