Does Low Rank Adaptation Lead to Lower Robustness against Training-Time Attacks?

Zi Liang; Haibo Hu; Qingqing Ye; Yaxin Xiao; Ronghua Li

doi:10.48550/arXiv.2505.12871

Does Low Rank Adaptation Lead to Lower Robustness against Training-Time Attacks?

Zi Liang
, Haibo Hu
, Qingqing Ye
, Yaxin Xiao
, Ronghua Li

Research output: Journal article publication › Conference article › Academic research › peer-review

Abstract

Low rank adaptation (LoRA) has emerged as a prominent technique for fine-tuning large language models (LLMs) thanks to its superb efficiency gains over previous methods. While extensive studies have examined the performance and structural properties of LoRA, its behavior upon training-time attacks remain underexplored, posing significant security risks. In this paper, we theoretically investigate the security implications of LoRA’s low-rank structure during fine-tuning, in the context of its robustness against data poisoning and backdoor attacks. We propose an analytical framework that models LoRA’s training dynamics, employs the neural tangent kernel to simplify the analysis of the training process, and applies information theory to establish connections between LoRA’s low rank structure and its vulnerability against training-time attacks. Our analysis indicates that LoRA exhibits better robustness to backdoor attacks than full fine-tuning, while becomes more vulnerable to untargeted data poisoning due to its over-simplified information geometry. Extensive experimental evaluations have corroborated our theoretical findings.

Original language	English
Pages (from-to)	37181-37207
Number of pages	27
Journal	Proceedings of Machine Learning Research
Volume	267
DOIs	https://doi.org/10.48550/arXiv.2505.12871
Publication status	Published - May 2025
Event	42nd International Conference on Machine Learning, ICML 2025 - Vancouver, Canada Duration: 13 Jul 2025 → 19 Jul 2025

ASJC Scopus subject areas

Software
Control and Systems Engineering
Statistics and Probability
Artificial Intelligence

More information

10.48550/arXiv.2505.12871

Cite this

@article{a74a737c33d04664b1da97fb964fe73c,

title = "Does Low Rank Adaptation Lead to Lower Robustness against Training-Time Attacks?",

abstract = "Low rank adaptation (LoRA) has emerged as a prominent technique for fine-tuning large language models (LLMs) thanks to its superb efficiency gains over previous methods. While extensive studies have examined the performance and structural properties of LoRA, its behavior upon training-time attacks remain underexplored, posing significant security risks. In this paper, we theoretically investigate the security implications of LoRA{\textquoteright}s low-rank structure during fine-tuning, in the context of its robustness against data poisoning and backdoor attacks. We propose an analytical framework that models LoRA{\textquoteright}s training dynamics, employs the neural tangent kernel to simplify the analysis of the training process, and applies information theory to establish connections between LoRA{\textquoteright}s low rank structure and its vulnerability against training-time attacks. Our analysis indicates that LoRA exhibits better robustness to backdoor attacks than full fine-tuning, while becomes more vulnerable to untargeted data poisoning due to its over-simplified information geometry. Extensive experimental evaluations have corroborated our theoretical findings.",

author = "Zi Liang and Haibo Hu and Qingqing Ye and Yaxin Xiao and Ronghua Li",

note = "Publisher Copyright: {\textcopyright} 2025, by the authors.; 42nd International Conference on Machine Learning, ICML 2025 ; Conference date: 13-07-2025 Through 19-07-2025",

year = "2025",

month = may,

doi = "10.48550/arXiv.2505.12871",

language = "English",

volume = "267",

pages = "37181--37207",

journal = "Proceedings of Machine Learning Research",