Defending large language models against adversarial attacks using watermarking

Abstract

This project investigates fingerprinting techniques for Large Language Models (LLMs) to ensure secure model attribution while preserving performance and efficiency. We evaluate several existing methods, including Instructional Fingerprinting (IF), and show that they are vulnerable to adversarial unlearning attacks which can effectively erase the embedded fingerprints. In contrast, our proposed approach, which employs AES encryption to encode predefined trigger-response pairs, proves robust against such attacks by preserving fingerprint integrity even after adversarial interference. Empirical results show that fingerprinted models not only retain their generation quality—with improved perplexity scores indicating better fluency and coherence—but also incur minimal inference latency overhead, confirming the harmlessness and efficiency of the method. These findings highlight the viability of AES-based fingerprinting as a reliable and tamper-resistant mechanism for securing LLMs, paving the way for more accountable and secure deployment in real-world applications.