{"id":"https://openalex.org/W7133784516","doi":"https://doi.org/10.1109/tifs.2026.3671126","title":"A Fine-Tuning Data Recovery Attack on Generative Language Models via Backdooring","display_name":"A Fine-Tuning Data Recovery Attack on Generative Language Models via Backdooring","publication_year":2026,"publication_date":"2026-01-01","ids":{"openalex":"https://openalex.org/W7133784516","doi":"https://doi.org/10.1109/tifs.2026.3671126"},"language":null,"primary_location":{"id":"doi:10.1109/tifs.2026.3671126","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2026.3671126","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5128139777","display_name":"Zhenya Ma","orcid":null},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Zhenya Ma","raw_affiliation_strings":["Department of Computer Science and Technology, Tsinghua University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Technology, Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5037386169","display_name":"Yongheng Deng","orcid":"https://orcid.org/0000-0003-3010-3812"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yongheng Deng","raw_affiliation_strings":["Department of Computer Science and Technology, Tsinghua University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Technology, Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101278717","display_name":"Ziqing Qiao","orcid":null},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Ziqing Qiao","raw_affiliation_strings":["Department of Computer Science and Technology, Tsinghua University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Technology, Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100710695","display_name":"Quan Zhang","orcid":"https://orcid.org/0000-0001-8749-2156"},"institutions":[{"id":"https://openalex.org/I66867065","display_name":"East China Normal University","ror":"https://ror.org/02n96ep67","country_code":"CN","type":"education","lineage":["https://openalex.org/I66867065"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Quan Zhang","raw_affiliation_strings":["Software Engineering Institute, East China Normal University, Shanghai, China"],"affiliations":[{"raw_affiliation_string":"Software Engineering Institute, East China Normal University, Shanghai, China","institution_ids":["https://openalex.org/I66867065"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5004909890","display_name":"Chijin Zhou","orcid":"https://orcid.org/0000-0002-6446-247X"},"institutions":[{"id":"https://openalex.org/I66867065","display_name":"East China Normal University","ror":"https://ror.org/02n96ep67","country_code":"CN","type":"education","lineage":["https://openalex.org/I66867065"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Chijin Zhou","raw_affiliation_strings":["Software Engineering Institute, East China Normal University, Shanghai, China"],"affiliations":[{"raw_affiliation_string":"Software Engineering Institute, East China Normal University, Shanghai, China","institution_ids":["https://openalex.org/I66867065"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5128164242","display_name":"Fan Wu","orcid":null},"institutions":[{"id":"https://openalex.org/I139660479","display_name":"Central South University","ror":"https://ror.org/00f1zfq44","country_code":"CN","type":"education","lineage":["https://openalex.org/I139660479"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Fan Wu","raw_affiliation_strings":["School of Computer Science and Engineering, Central South University, Changsha, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Engineering, Central South University, Changsha, China","institution_ids":["https://openalex.org/I139660479"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5118900073","display_name":"Y. Zhang","orcid":"https://orcid.org/0000-0003-2029-0300"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yaoxue Zhang","raw_affiliation_strings":["Department of Computer Science and Technology, Tsinghua University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Technology, Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5128209659","display_name":"Ju Ren","orcid":null},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Ju Ren","raw_affiliation_strings":["Department of Computer Science and Technology and the State Key Laboratory of Internet Architecture, Tsinghua University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Technology and the State Key Laboratory of Internet Architecture, Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5128139777"],"corresponding_institution_ids":["https://openalex.org/I99065089"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.63731193,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"21","issue":null,"first_page":"3006","last_page":"3021"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.5267999768257141,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.5267999768257141,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10028","display_name":"Topic Modeling","score":0.13410000503063202,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10181","display_name":"Natural Language Processing Techniques","score":0.027300000190734863,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/data-modeling","display_name":"Data modeling","score":0.4415000081062317},{"id":"https://openalex.org/keywords/data-recovery","display_name":"Data recovery","score":0.3580000102519989},{"id":"https://openalex.org/keywords/language-model","display_name":"Language model","score":0.33570000529289246},{"id":"https://openalex.org/keywords/natural-language","display_name":"Natural language","score":0.2865999937057495},{"id":"https://openalex.org/keywords/generative-model","display_name":"Generative model","score":0.28380000591278076}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8608999848365784},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5328999757766724},{"id":"https://openalex.org/C204321447","wikidata":"https://www.wikidata.org/wiki/Q30642","display_name":"Natural language processing","level":1,"score":0.45190000534057617},{"id":"https://openalex.org/C67186912","wikidata":"https://www.wikidata.org/wiki/Q367664","display_name":"Data modeling","level":2,"score":0.4415000081062317},{"id":"https://openalex.org/C529754248","wikidata":"https://www.wikidata.org/wiki/Q1054772","display_name":"Data recovery","level":2,"score":0.3580000102519989},{"id":"https://openalex.org/C137293760","wikidata":"https://www.wikidata.org/wiki/Q3621696","display_name":"Language model","level":2,"score":0.33570000529289246},{"id":"https://openalex.org/C195324797","wikidata":"https://www.wikidata.org/wiki/Q33742","display_name":"Natural language","level":2,"score":0.2865999937057495},{"id":"https://openalex.org/C167966045","wikidata":"https://www.wikidata.org/wiki/Q5532625","display_name":"Generative model","level":3,"score":0.28380000591278076},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.2775000035762787},{"id":"https://openalex.org/C39890363","wikidata":"https://www.wikidata.org/wiki/Q36108","display_name":"Generative grammar","level":2,"score":0.2757999897003174},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.2572000026702881},{"id":"https://openalex.org/C168167062","wikidata":"https://www.wikidata.org/wiki/Q1117970","display_name":"Component (thermodynamics)","level":2,"score":0.25060001015663147}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tifs.2026.3671126","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2026.3671126","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":34,"referenced_works":["https://openalex.org/W1603920809","https://openalex.org/W2067081213","https://openalex.org/W2251939518","https://openalex.org/W2535690855","https://openalex.org/W2795435272","https://openalex.org/W2946363484","https://openalex.org/W2963378725","https://openalex.org/W2963456518","https://openalex.org/W2970408908","https://openalex.org/W3024103409","https://openalex.org/W3083185154","https://openalex.org/W3171847855","https://openalex.org/W3175192640","https://openalex.org/W3175215793","https://openalex.org/W3214043361","https://openalex.org/W3214437258","https://openalex.org/W4206199121","https://openalex.org/W4312351352","https://openalex.org/W4382024108","https://openalex.org/W4385570888","https://openalex.org/W4385571225","https://openalex.org/W4385572432","https://openalex.org/W4385679821","https://openalex.org/W4389520346","https://openalex.org/W4402671794","https://openalex.org/W4403536327","https://openalex.org/W4403759007","https://openalex.org/W4404401018","https://openalex.org/W4405181470","https://openalex.org/W4405741930","https://openalex.org/W4408750049","https://openalex.org/W4414128359","https://openalex.org/W7133192748","https://openalex.org/W7133260402"],"related_works":[],"abstract_inverted_index":{"Generative":[0],"language":[1],"models":[2],"(GLMs)":[3],"are":[4],"increasingly":[5],"integrated":[6],"into":[7,47,106],"modern":[8],"intelligent":[9,13],"applications":[10],"to":[11,61,163,202],"power":[12],"functionalities.":[14],"Developers":[15],"often":[16],"fine-tune":[17],"open-source":[18,53],"GLMs":[19],"on":[20,167],"proprietary":[21],"data":[22,64,78,119,123,189],"and":[23,65,94,98,117,128,150,174,198],"deploy":[24],"them":[25],"in":[26],"real-world":[27],"applications.":[28],"In":[29],"this":[30,42],"paper,":[31],"we":[32],"reveal":[33],"a":[34,75,100,134,187],"novel":[35],"model":[36,60],"supply":[37],"chain":[38],"attack":[39,80,130],"that":[40,81],"exploits":[41,82],"workflow:":[43],"by":[44],"injecting":[45],"backdoors":[46],"the":[48,59,107,112,138,153,168,171,181,194],"source":[49,140],"code":[50],"of":[51,85,145,170,184],"an":[52,55],"GLM,":[54],"adversary":[56],"can":[57],"induce":[58],"memorize":[62],"fine-tuning":[63,109,149,156],"later":[66],"regenerate":[67],"it":[68],"via":[69],"crafted":[70],"prompts.":[71],"We":[72],"propose":[73],"LURE,":[74,185],"new":[76],"backdoor-based":[77],"recovery":[79,190],"memorization":[83],"capabilities":[84],"fine-tuned":[86],"models.":[87],"During":[88],"fine-tuning,":[89],"LURE":[90,132,158],"stealthily":[91],"injects":[92],"unique":[93],"attacker-enumerable":[95],"hash":[96,146],"prompts,":[97],"incorporates":[99],"Position-Decay":[101],"Weighted":[102],"Aligned":[103],"Cross-Entropy":[104],"Loss":[105],"original":[108,155,172],"loss,":[110],"strengthening":[111],"association":[113],"between":[114],"injected":[115],"prompts":[116,147],"corresponding":[118],"samples":[120],"for":[121],"effective":[122],"recovery.":[124],"To":[125],"achieve":[126],"stealthy":[127,135],"transparent":[129],"injection,":[131],"employs":[133],"backdoor":[136],"within":[137],"model\u2019s":[139],"code,":[141],"enabling":[142],"automatic":[143],"injection":[144],"during":[148],"thus":[151],"maintaining":[152,193],"user\u2019s":[154],"workflow.":[157],"also":[159],"proposes":[160],"several":[161],"optimizations":[162],"maintain":[164],"minimal":[165],"impact":[166],"performance":[169],"task":[173],"external":[175],"training":[176],"state.":[177],"Extensive":[178],"evaluations":[179],"demonstrate":[180],"remarkable":[182],"efficacy":[183],"achieving":[186],"45%-68%":[188],"rate":[191],"while":[192],"attack\u2019s":[195],"transparency,":[196],"stealthiness,":[197],"showcasing":[199],"its":[200],"ability":[201],"evade":[203],"existing":[204],"defenses.":[205]},"counts_by_year":[],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2026-03-06T00:00:00"}