Authors: Dario Pasquini, Evgenios M. Kornaropoulos, Giuseppe Ateniese
Abstract: We introduce LLMmap, a first-generation fingerprinting attack targeted at
LLM-integrated applications. LLMmap employs an active fingerprinting approach,
sending carefully crafted queries to the application and analyzing the
responses to identify the specific LLM in use. With as few as 8
interactions, LLMmap can identify LLMs with over 95% accuracy. More
importantly, LLMmap is designed to be robust across different application
layers, allowing it to identify LLMs operating under various system prompts,
stochastic sampling hyperparameters, and even complex generation frameworks
such as RAG or Chain-of-Thought.
Source: http://arxiv.org/abs/2407.15847v1