KinGuard: Hierarchical Kinship-Aware Fingerprinting to Defend Against Large Language Model Stealing

TL;DR

KinGuard introduces a novel kinship-aware fingerprinting framework that embeds structured knowledge into language models, enabling robust, stealthy, and resilient ownership verification against various attacks.

Contribution

The paper proposes KinGuard, a knowledge-based embedding approach that overcomes the limitations of traditional backdoor fingerprinting for LLM ownership verification.

Findings

KinGuard outperforms existing methods in effectiveness and stealth.

It remains resilient against fine-tuning, input perturbation, and model merging attacks.

Knowledge embedding provides a secure paradigm for model fingerprinting.

Abstract

Protecting the intellectual property of large language models requires robust ownership verification. Conventional backdoor fingerprinting, however, is flawed by a stealth-robustness paradox: to be robust, these methods force models to memorize fixed responses to high-perplexity triggers, but this targeted overfitting creates detectable statistical artifacts. We resolve this paradox with KinGuard, a framework that embeds a private knowledge corpus built on structured kinship narratives. Instead of memorizing superficial triggers, the model internalizes this knowledge via incremental pre-training, and ownership is verified by probing its conceptual understanding. Extensive experiments demonstrate KinGuard's superior effectiveness, stealth, and resilience against a battery of attacks including fine-tuning, input perturbation, and model merging. Our work establishes knowledge-based embedding as a practical and secure paradigm for model fingerprinting.