FIT-Print: Towards False-claim-resistant Model Ownership Verification via Targeted Fingerprint

Researchers introduce FIT-Print, a new model fingerprinting technique that defends against false ownership claims on AI models by using targeted signatures rather than arbitrary outputs. The method achieves 100% success in preventing fraudulent ownership assertions while maintaining perfect legitimate verification rates, addressing a critical vulnerability in existing intellectual property protection mechanisms for machine learning models.

Model fingerprinting represents a vital frontier in protecting machine learning intellectual property, yet existing approaches suffer from a fundamental architectural flaw: they lack specificity in their verification mechanisms. FIT-Print directly addresses this vulnerability by implementing targeted fingerprinting that requires adversaries to align with predefined reference signatures rather than simply mimicking general model behavior. This distinction proves critical because untargeted methods inadvertently allow fraudsters to claim ownership of unrelated models by exploiting statistical similarities in output patterns.

The vulnerability stems from how intellectual property verification has traditionally operated in the AI space. As open-source models proliferate and become increasingly valuable, bad actors exploit loose verification standards to fraudulently assert ownership over legitimate third-party work. Existing fingerprinting techniques, while innovative, were designed primarily to identify model reuse rather than definitively prove ownership attribution. FIT-Print inverts this paradigm by making false claims mathematically difficult through optimization-based targeted signatures.

The technical approach leverages two complementary strategies: bit-wise FIT-ModelDiff uses output distance metrics while list-wise FIT-LIME employs feature attribution analysis. This dual methodology provides redundancy against evasion attempts. The benchmark results demonstrate exceptional performance across verification metrics, suggesting the framework generalizes effectively beyond controlled testing environments.

For the AI development ecosystem, FIT-Print enables stronger IP protection mechanisms that could accelerate open-source model sharing by reducing ownership dispute risks. Developers and organizations investing in model development gain meaningful recourse against intellectual property theft. The framework's black-box compatibility ensures widespread adoption potential, as it requires no modification to protected models themselves, addressing practical deployment concerns.

• →FIT-Print achieves 100% false claim defense success rate while maintaining perfect legitimate verification accuracy
• →The method uses targeted fingerprinting rather than arbitrary outputs, fundamentally addressing vulnerabilities in existing techniques
• →Two complementary approaches (bit-wise and list-wise) provide redundancy against evasion strategies
• →Black-box compatibility enables practical deployment without modifying protected models
• →Framework demonstrates zero false alarms on independent models while verifying ownership across diverse reuse techniques