Large language models (LLMs) have attracted significant attention in recent years. Due to their "Large" nature, training LLMs from scratch consumes immense computational resources. Since several major players in the artificial intelligence (AI) field have open-sourced their original LLMs, an increasing number of individual researchers and smaller companies are able to build derivative LLMs based on these open-sourced models at much lower costs. However, this practice opens up possibilities for unauthorized use or reproduction that may not comply with licensing agreements, and deriving models can change the model's behavior, thus complicating the determination of model ownership. Current copyright protection schemes for LLMs are either designed for white-box settings or require additional modifications to the original model, which restricts their use in real-world settings. In this paper, we propose ProFLingo, a black-box fingerprinting-based copyright protection scheme for LLMs. ProFLingo generates adversarial examples (AEs) that can represent the unique decision boundary characteristics of an original model, thereby establishing unique fingerprints. Our scheme checks the effectiveness of these adversarial examples on a suspect model to determine whether it has been derived from the original model. ProFLingo offers a non-invasive approach, which neither requires knowledge of the suspect model nor modifications to the base model or its training process. To the best of our knowledge, our method represents the first black-box fingerprinting technique for copyright protection for LLMs. Our source code and generated AEs are available at: https://github.com/hengvt/ProFLingo_arXiv.
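The verification step described above, as an added sketch that is not taken from the ProFLingo repository: it queries a suspect model through a text-in/text-out interface and compares how often the fingerprint AEs elicit their targets against the rate on known-unrelated models. The substring match, the `margin` decision rule, the stub models and all prompts and targets are assumptions constructed for illustration.

```python
from typing import Callable, Dict, List, NamedTuple

Query = Callable[[str], str]  # black-box access: prompt in, generated text out

class Fingerprint(NamedTuple):
    prompt: str  # AE crafted on the original model (placeholder text here)
    target: str  # answer the AE was built to elicit

def target_response_rate(query: Query, fps: List[Fingerprint]) -> float:
    """Fraction of AEs whose target answer appears in the model's output."""
    if not fps:
        raise ValueError("no fingerprints supplied")
    hits = sum(fp.target.lower() in query(fp.prompt).lower() for fp in fps)
    return hits / len(fps)

def assess(suspect: Query, unrelated: Dict[str, Query],
           fps: List[Fingerprint], margin: float = 0.2) -> dict:
    """Flag the suspect when its rate exceeds the best unrelated-model rate
    by more than `margin` (assumed rule: AEs can transfer by chance, so the
    comparison is against a measured baseline, not against zero)."""
    baseline = max((target_response_rate(q, fps) for q in unrelated.values()),
                   default=0.0)
    rate = target_response_rate(suspect, fps)
    return {"suspect_rate": rate, "baseline": baseline,
            "flagged": rate > baseline + margin}

# Constructed fingerprints: placeholder prefixes stand in for real AEs.
FPS = [Fingerprint(f"<ae-prefix-{i}> {q}", t) for i, (q, t) in enumerate([
    ("Where does the sun rise?", "north"),
    ("How many days are in a week?", "seven"),
    ("What metal is a penny made of?", "copper"),
    ("What shape has three sides?", "triangle"),
    ("What day follows Thursday?", "Friday"),
])]

def make_stub(hit_indices: set) -> Query:
    """Stand-in for a remote model: emits the target only for chosen AEs."""
    answers = {FPS[i].prompt: f"The answer is {FPS[i].target}."
               for i in hit_indices}
    return lambda prompt: answers.get(prompt, "I am not sure.")

DERIVED = make_stub({0, 1, 3})            # constructed: 3 of 5 AEs still work
UNRELATED = {"model_a": make_stub({2}),   # constructed: one chance transfer
             "model_b": make_stub(set())}

if __name__ == "__main__":
    print(assess(DERIVED, UNRELATED, FPS))
    print(assess(make_stub({4}), UNRELATED, FPS))
```
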