We propose IrisFP, a novel adversarial-example-based model fingerprinting framework that enhances both uniqueness and robustness by leveraging multi-boundary characteristics, multi-sample behaviors, and fingerprint discriminative power assessment to generate composite-sample fingerprints. Three key innovations distinguish IrisFP: 1) It positions fingerprints near the intersection of all decision boundaries, unlike prior methods that target a single boundary, thus increasing the prediction margin without placing fingerprints deep inside target class regions, which enhances both robustness and uniqueness; 2) It constructs composite-sample fingerprints, each comprising multiple samples close to the multi-boundary intersection, to exploit collective behavior patterns and further boost uniqueness; and 3) It assesses the discriminative power of generated fingerprints using statistical separability metrics developed from two reference model sets, one of pirated models and one of independently trained models, retains the fingerprints with high discriminative power, and assigns fingerprint-specific thresholds to the retained fingerprints. Extensive experiments show that IrisFP consistently outperforms state-of-the-art methods, achieving reliable ownership verification by enhancing both robustness and uniqueness.
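The third step above (score each fingerprint against two reference model sets, keep the discriminative ones, give each its own threshold) can be sketched as follows. This is an added illustration, not IrisFP's code: the separability metric, the midpoint threshold, the majority vote, the `min_sep` cutoff and all match-rate data are assumptions constructed for the example.

```python
from statistics import mean, pvariance

# Constructed data: match rate of each composite fingerprint, i.e. the fraction
# of its samples on which a reference model agrees with the owner's model.
PIRATED = {      # reference models derived from the owner's model
    "fp0": [0.95, 0.90, 0.85, 0.90],
    "fp1": [0.70, 0.40, 0.90, 0.55],
    "fp2": [1.00, 0.95, 0.90, 0.95],
}
INDEPENDENT = {  # reference models trained independently
    "fp0": [0.20, 0.30, 0.25, 0.25],
    "fp1": [0.50, 0.60, 0.35, 0.45],
    "fp2": [0.10, 0.05, 0.15, 0.10],
}

def separability(pos, neg, eps=1e-9):
    """Assumed metric: difference of means over the pooled standard deviation."""
    pooled = ((pvariance(pos) + pvariance(neg)) / 2 + eps) ** 0.5
    return (mean(pos) - mean(neg)) / pooled

def select_fingerprints(pirated, independent, min_sep=3.0):
    """Keep fingerprints that separate the two sets; map each to its own threshold."""
    kept = {}
    for fp in pirated:
        pos, neg = pirated[fp], independent[fp]
        if separability(pos, neg) >= min_sep:
            # Assumed rule: threshold halfway between the two set means.
            kept[fp] = (mean(pos) + mean(neg)) / 2
    return kept

def verify(suspect_rates, thresholds):
    """Flag the suspect when most retained fingerprints meet their threshold."""
    if not thresholds:
        return False  # nothing discriminative was retained, so no claim is made
    hits = sum(suspect_rates[fp] >= t for fp, t in thresholds.items())
    return hits / len(thresholds) > 0.5

if __name__ == "__main__":
    thresholds = select_fingerprints(PIRATED, INDEPENDENT)
    print(thresholds)
    print(verify({"fp0": 0.85, "fp1": 0.50, "fp2": 0.90}, thresholds))
```

The noisy fingerprint `fp1` is discarded because its pirated and independent match rates overlap, so it never contributes to a verification decision.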