AttnDiff: Attention-based Differential Fingerprinting for Large Language Models

Protecting the intellectual property of open-weight large language models (LLMs) requires verifying whether a suspect model is derived from a victim model despite common laundering operations such as fine-tuning (including PPO/DPO), pruning/compression, and model merging. We propose \textsc{AttnDiff}, a data-efficient white-box framework that extracts fingerprints from models via intrinsic information-routing behavior. \textsc{AttnDiff} probes minimally edited prompt pairs that induce controlled semantic conflicts, captures differential attention patterns, summarizes them with compact spectral descriptors, and compares models using CKA. Across Llama-2/3 and Qwen2.5 (3B--14B) and additional open-source families, it yields high similarity for related derivatives while separating unrelated model families (e.g., $>0.98$ vs.\ $<0.22$ with $M=60$ probes). With 5--60 multi-domain probes, it supports practical provenance verification and accountability.

Key Contributions

• Differential attention-based fingerprinting framework using minimally perturbed prompt pairs that induce semantic conflicts
• Spectral descriptors of attention patterns compared via CKA for robust model similarity measurement
• Data-efficient verification (5-60 probes) robust to fine-tuning (PPO/DPO), pruning, compression, and model merging

🛡️ Threat Analysis

Details

Similar Papers