Towards the Resistance of Neural Network Fingerprinting to Fine-tuning

Ling Tang; YueFeng Chen; Hui Xue; Quanshi Zhang

Towards the Resistance of Neural Network Fingerprinting to Fine-tuning

Ling Tang, YueFeng Chen, Hui Xue, Quanshi Zhang

Published: 18 Sept 2025, Last Modified: 29 Oct 2025NeurIPS 2025 posterEveryoneRevisionsBibTeXCC BY 4.0

Keywords: Neural Network Fingerprinting, Fourier analysis

TL;DR: This paper proves that specific frequency components of convolutional filters are robust to fine-tuning and uses them as neural network fingerprinting.

Abstract: This paper proves a new fingerprinting method to embed the ownership information into a deep neural network (DNN) with theoretically guaranteed robustness to fine-tuning. Specifically, we prove that when the input feature of a convolutional layer only contains low-frequency components, specific frequency components of the convolutional filter will not be changed by gradient descent during the fine-tuning process, where we propose a revised Fourier transform to extract frequency components from the convolutional filter. Additionally, we also prove that these frequency components are equivariant to weight scaling and weight permutations. In this way, we design a fingerprint module to embed the fingerprint information into specific frequency components of convolutional filters. Preliminary experiments demonstrate the effectiveness of our method.

Primary Area: Theory (e.g., control theory, learning theory, algorithmic game theory)

Submission Number: 6403

Loading