LLM-FIN: Large Language Models Fingerprinting Attack on Edge Devices

Najmeh Nazari¹, Furi Xiang¹, Chongzhou Fang², Hosein Mohammadi Makrani², Aditya Puri¹, Kartik Patwari¹, Hossein Sayadi³, Setareh Rafatirad⁴, Chen-Nee Chuah¹, Houman Homayoun⁴
¹UC Davis, ²University of California, Davis, ³California State University, Long Beach, ⁴University of California Davis


Abstract

The deployment of Large Language Models (LLMs) into edge and embedded devices marks a transformative step in integrating Artificial Intelligence (AI) into real-world applications. This integration is crucial as it enables efficient, localized processing, reducing reliance on cloud computing and enhancing data privacy by keeping sensitive information on the device. In the domain of machine learning (ML) security, concealing the architecture of LLMs is imperative. Shielding the architecture protects intellectual property and thwarts malicious attempts to exploit model-specific weaknesses. Our research proposes an efficient fingerprinting method tailored to identify the architectural family of LLMs specifically within edge and embedded devices. Uniquely, our technique hinges on analyzing memory usage patterns, one of the few accessible data points in a secured edge environment. Employing a supervised machine learning classifier, our methodology demonstrates remarkable efficacy, achieving over 95% accuracy in classifying known LLMs into their architectural families. Notably, it also exhibits robust adaptability, accurately identifying previously unseen models. By focusing on memory usage patterns, our approach paves the way for a new dimension in understanding and securing AI on edge devices, balancing the need for open functionality and essential confidentiality.