vTune: Verifiable Fine-Tuning for LLMs Through Backdooring

TL;DR

vTune is a verification method for fine-tuned large language models that uses backdoor data points to statistically confirm proper fine-tuning, scalable to state-of-the-art models and resistant to attacks.

Contribution

This paper introduces vTune, a scalable and robust verification technique for LLM fine-tuning using backdoor data points and statistical testing.

Findings

Statistical test with p-values around 10^{-40} confirms fine-tuning.

No negative impact on downstream task performance.

Robustness demonstrated against various attack attempts.

Abstract

As fine-tuning large language models (LLMs) becomes increasingly prevalent, users often rely on third-party services with limited visibility into their fine-tuning processes. This lack of transparency raises the question: how do consumers verify that fine-tuning services are performed correctly? For instance, a service provider could claim to fine-tune a model for each user, yet simply send all users back the same base model. To address this issue, we propose vTune, a simple method that uses a small number of backdoor data points added to the training data to provide a statistical test for verifying that a provider fine-tuned a custom model on a particular user's dataset. Unlike existing works, vTune is able to scale to verification of fine-tuning on state-of-the-art LLMs, and can be used both with open-source and closed-source models. We test our approach across several model families and sizes as well as across multiple instruction-tuning datasets, and find that the statistical test is satisfied with p-values on the order of $\sim 10^{-40}$, with no negative impact on downstream task performance. Further, we explore several attacks that attempt to subvert vTune and demonstrate the method's robustness to these attacks.