Update README.md
Browse files
README.md
CHANGED
|
@@ -1,6 +1,38 @@
|
|
| 1 |
-
#
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2 |
|
| 3 |
-
This repository contains three T5 detectors for PEFTGuard.
|
| 4 |
|
| 5 |
## Models
|
| 6 |
|
|
|
|
| 1 |
+
# PEFTGuard Meta-Classifier Weights
|
| 2 |
+
|
| 3 |
+
This repository hosts the meta-classifier weights for **[PEFTGuard: Detecting Backdoor Attacks Against Parameter-Efficient Fine-Tuning](https://doi.ieeecomputersociety.org/10.1109/SP61157.2025.00161)** (SP'25).
|
| 4 |
+
|
| 5 |
+
Currently, only three T5-base model classifiers are available due to size constraints. More models are being gradually uploaded. If you are looking for a specific configuration, feel free to contact me — I’ll be happy to provide or upload the corresponding model.
|
| 6 |
+
|
| 7 |
+
## Available Models
|
| 8 |
+
|
| 9 |
+
- `t5_base1/`: Meta-classifier trained on T5 base model 1
|
| 10 |
+
- `t5_base2/`: Meta-classifier trained on T5 base model 2
|
| 11 |
+
- `t5_base3/`: Meta-classifier trained on T5 base model 3
|
| 12 |
+
|
| 13 |
+
## Notes
|
| 14 |
+
|
| 15 |
+
As discussed in the paper, the performance and compatibility of PEFTGuard are currently **constrained by the specific target projection matrices, base models, and training datasets** used in PEFT Adapter fine-tuning. If your use case deviates from the settings reported in **Table 16**, particularly in terms of model architecture, PEFT layer targets, or dataset domain, you may need to **retrain the PEFTGuard meta-classifier** to ensure reliability — although PEFTGuard shows some level of zero-shot generalization.
|
| 16 |
+
|
| 17 |
+
## Citation
|
| 18 |
+
|
| 19 |
+
If you use these models in your research, please cite our paper:
|
| 20 |
+
|
| 21 |
+
```bibtex
|
| 22 |
+
@inproceedings{PEFTGuard2025,
|
| 23 |
+
author = {Sun, Zhen and Cong, Tianshuo and Liu, Yule and Lin, Chenhao and
|
| 24 |
+
He, Xinlei and Chen, Rongmao and Han, Xingshuo and Huang, Xinyi},
|
| 25 |
+
title = {{PEFTGuard: Detecting Backdoor Attacks Against Parameter-Efficient Fine-Tuning}},
|
| 26 |
+
booktitle = {2025 IEEE Symposium on Security and Privacy (SP)},
|
| 27 |
+
year = {2025},
|
| 28 |
+
pages = {1620--1638},
|
| 29 |
+
doi = {10.1109/SP61157.2025.00161},
|
| 30 |
+
url = {https://doi.ieeecomputersociety.org/10.1109/SP61157.2025.00161},
|
| 31 |
+
publisher = {IEEE Computer Society},
|
| 32 |
+
address = {Los Alamitos, CA, USA},
|
| 33 |
+
month = May,
|
| 34 |
+
}
|
| 35 |
|
|
|
|
| 36 |
|
| 37 |
## Models
|
| 38 |
|