LoRA as Oracle

Backdoored and privacy-leaking deep neural networks pose a serious threat to the deployment of machine learning systems in security-critical settings. Existing defenses for backdoor detection and membership inference typically require access to clean reference models, extensive retraining, or strong assumptions about the attack mechanism. In this work, we introduce a novel LoRA-based oracle framework that leverages low-rank adaptation modules as a lightweight, model-agnostic probe for both backdoor detection and membership inference. Our approach attaches task-specific LoRA adapters to a frozen backbone and analyzes their optimization dynamics and representation shifts when exposed to suspicious samples. We show that poisoned and member samples induce distinctive low-rank updates that differ significantly from those generated by clean or non-member data. These signals can be measured using simple ranking and energy-based statistics, enabling reliable inference without access to the original training data or modification of the deployed model.

Key Contributions

• LoRA-based oracle framework that attaches lightweight adapters to frozen backbones to probe both backdoor presence and training membership without retraining or access to original data.
• Demonstrates that poisoned and member samples induce statistically distinctive low-rank update patterns measurable via ranking and energy-based statistics.
• Model-agnostic auditing approach applicable to large pre-trained models including LLMs, requiring no clean reference model or original training set.

🛡️ Threat Analysis

Details

Similar Papers