CR | AI | LG | Aug 12, 2025

Attacks and Defenses Against LLM Fingerprinting

arXiv:2508.09021v1 | 2 citations | h-index: 1
Originality: Incremental advance
AI Analysis

This addresses privacy and security risks for users of large language models in sensitive deployments, though it appears incremental as it builds on existing fingerprinting concepts.

The paper tackles the problem of LLM fingerprinting attacks in sensitive environments by developing both offensive and defensive methods. Their attack uses reinforcement learning to optimize query selection, achieving better fingerprinting accuracy with only 3 queries compared to random selection, while their defense employs semantic-preserving output filtering to reduce fingerprinting accuracy while maintaining output quality.

As large language models are increasingly deployed in sensitive environments, fingerprinting attacks pose significant privacy and security risks. We present a study of LLM fingerprinting from both offensive and defensive perspectives. Our attack methodology uses reinforcement learning to automatically optimize query selection, achieving better fingerprinting accuracy with only 3 queries compared to randomly selecting 3 queries from the same pool. Our defensive approach employs semantic-preserving output filtering through a secondary LLM to obfuscate model identity while maintaining semantic integrity. The defensive method reduces fingerprinting accuracy across tested models while preserving output quality. These contributions show the potential to improve fingerprinting tools' capabilities while providing practical mitigation strategies against fingerprinting attacks.
