This paper introduces a data-agnostic method for detecting backdoors in LoRA adapters by directly analyzing their weight matrices, addressing the limitations of existing methods that require running the model with test input data. The approach extracts statistical features from the singular values of the weight matrices, including concentration, entropy, and distribution shape, to identify anomalies indicative of backdoor attacks. Evaluated on 500 LoRA adapters for Llama-3.2-3B, the method achieves 97% detection accuracy with a false positive rate below 2%.
Spot poisoned LoRA adapters without running them: a weight-space analysis achieves 97% accuracy in detecting backdoors, even when the trigger is unknown.
LoRA adapters let users fine-tune large language models (LLMs) efficiently. However, LoRA adapters are shared through open repositories like Hugging Face Hub \citep{huggingface_hub_docs}, making them vulnerable to backdoor attacks. Current detection methods require running the model with test input data, which makes them impractical for screening thousands of adapters where the trigger for backdoor behavior is unknown. We detect poisoned adapters by analyzing their weight matrices directly, without running the model, which makes our method data-agnostic. Our method extracts simple statistics (how concentrated the singular values are, their entropy, and the distribution shape) and flags adapters that deviate from normal patterns. We evaluate the method on 500 LoRA adapters (400 clean and 100 poisoned) for Llama-3.2-3B on instruction and reasoning datasets: Alpaca, Dolly, GSM8K, ARC-Challenge, SQuADv2, NaturalQuestions, HumanEval, and GLUE. We achieve 97% detection accuracy with less than 2% false positives.
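A sketch of this kind of weight-space screening follows. It is an added example, not the paper's code. The feature definitions (energy share of the top singular direction, normalized spectral entropy, excess kurtosis), the z-score rule with `z_max=4.0`, and the Gaussian sample adapters are all assumptions made for illustration.

```python
import numpy as np

def spectral_features(A, B):
    """Spectral features of the LoRA update B @ A (B: d x r, A: r x k, r >= 2)."""
    # Singular values of B @ A via the r x r core of two QR factorizations,
    # so the full d x k update is never materialized.
    _, Rb = np.linalg.qr(B)
    _, Ra = np.linalg.qr(A.T)
    s = np.linalg.svd(Rb @ Ra.T, compute_uv=False)  # descending order
    if s[0] == 0:
        raise ValueError("adapter update is all zeros")
    p = s**2 / np.sum(s**2)                 # energy share per direction
    nz = p[p > 0]
    entropy = float(-np.sum(nz * np.log(nz)) / np.log(len(s)))  # 1.0 = flat
    sd = s.std()
    # Shape feature: excess kurtosis of the spectrum (0 for a flat spectrum).
    kurt = 0.0 if sd <= 1e-9 * s.mean() else float(np.mean(((s - s.mean()) / sd) ** 4) - 3)
    return np.array([p[0], entropy, kurt])  # [concentration, entropy, shape]

def fit_reference(feature_rows):
    """Per-feature mean and std over adapters assumed to be clean."""
    X = np.vstack(feature_rows)
    return X.mean(axis=0), X.std(axis=0)

def is_anomalous(feat, mean, std, z_max=4.0):
    """Flag if any feature lies more than z_max standard deviations from the reference."""
    z = np.abs(feat - mean) / np.maximum(std, 1e-12)
    return bool(np.any(z > z_max))

def make_adapter(rng, d=64, k=64, r=8, boost=1.0):
    """Constructed sample: Gaussian factors; boost > 1 inflates one direction."""
    B, A = rng.normal(size=(d, r)), rng.normal(size=(r, k))
    B[:, 0] *= boost
    return A, B

def demo(seed=0):
    rng = np.random.default_rng(seed)
    clean = [spectral_features(*make_adapter(rng)) for _ in range(40)]
    mean, std = fit_reference(clean)
    outlier = spectral_features(*make_adapter(rng, boost=10.0))
    return mean, std, outlier, is_anomalous(outlier, mean, std)

if __name__ == "__main__":
    mean, std, outlier, flagged = demo()
    print("reference mean:", mean.round(3), "outlier:", outlier.round(3), "flagged:", flagged)
```

In a real pipeline the features would be computed per adapted layer from the adapter's stored `A` and `B` tensors, with the reference statistics fitted on adapters of known provenance.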