LoBAM: LoRA-Based Backdoor Attack on Model Merging
Ming Yin, Jingyang Zhang, Jingwei Sun, Minghong Fang, Hai Li, Yiran Chen
TL;DR
This paper introduces LoBAM, a novel backdoor attack method on model merging that remains effective even when using resource-efficient techniques like LoRA, highlighting new security risks in model integration.
Contribution
LoBAM is a new attack method that amplifies malicious weights to achieve high success rates with limited training resources in model merging scenarios.
Findings
LoBAM achieves high attack success rates with minimal resources.
The attack remains stealthy and hard to detect.
Effectiveness demonstrated across various model merging scenarios.
Abstract
Model merging is an emerging technique that integrates multiple models fine-tuned on different tasks to create a versatile model that excels in multiple domains. This scheme, in the meantime, may open up backdoor attack opportunities where one single malicious model can jeopardize the integrity of the merged model. Existing works try to demonstrate the risk of such attacks by assuming substantial computational resources, focusing on cases where the attacker can fully fine-tune the pre-trained model. Such an assumption, however, may not be feasible given the increasing size of machine learning models. In practice where resources are limited and the attacker can only employ techniques like Low-Rank Adaptation (LoRA) to produce the malicious model, it remains unclear whether the attack can still work and pose threats. In this work, we first identify that the attack efficacy is…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsNetwork Security and Intrusion Detection · Smart Grid Security and Resilience · Formal Methods in Verification