Watch Out for the Lifespan: Evaluating Backdoor Attacks Against Federated Model Adaptation

TL;DR

This paper analyzes how Low-Rank Adaptation (LoRA) influences backdoor attack longevity in federated learning, revealing that lower LoRA ranks can lead to longer-lasting backdoors and highlighting evaluation challenges in this security context.

Contribution

It is the first study to examine the impact of LoRA on backdoor attack lifespan in federated learning, providing insights into attack persistence and evaluation issues.

Findings

Lower LoRA ranks lead to longer backdoor persistence.

Evaluation of backdoor attacks in FL has significant challenges.

Highlights need for more robust security assessments.

Abstract

Large models adaptation through Federated Learning (FL) addresses a wide range of use cases and is enabled by Parameter-Efficient Fine-Tuning techniques such as Low-Rank Adaptation (LoRA). However, this distributed learning paradigm faces several security threats, particularly to its integrity, such as backdoor attacks that aim to inject malicious behavior during the local training steps of certain clients. We present the first analysis of the influence of LoRA on state-of-the-art backdoor attacks targeting model adaptation in FL. Specifically, we focus on backdoor lifespan, a critical characteristic in FL, that can vary depending on the attack scenario and the attacker's ability to effectively inject the backdoor. A key finding in our experiments is that for an optimally injected backdoor, the backdoor persistence after the attack is longer when the LoRA's rank is lower. Importantly, our work highlights evaluation issues of backdoor attacks against FL and contributes to the development of more robust and fair evaluations of backdoor attacks, enhancing the reliability of risk assessments for critical FL systems. Our code is publicly available.