{"id":"https://openalex.org/W7131619889","doi":"https://doi.org/10.48550/arxiv.2602.21977","title":"When LoRA Betrays: Backdooring Text-to-Image Models by Masquerading as Benign Adapters","display_name":"When LoRA Betrays: Backdooring Text-to-Image Models by Masquerading as Benign Adapters","publication_year":2026,"publication_date":"2026-02-25","ids":{"openalex":"https://openalex.org/W7131619889","doi":"https://doi.org/10.48550/arxiv.2602.21977"},"language":null,"primary_location":{"id":"pmh:doi:10.48550/arxiv.2602.21977","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"publisher-specific-oa","license_id":"https://openalex.org/licenses/publisher-specific-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":null,"any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5092853285","display_name":"Liangwei Lyu","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Lyu, Liangwei","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5126948802","display_name":"Jiaqi Xu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Xu, Jiaqi","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5126881185","display_name":"Jianwei Ding","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ding, Jianwei","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5079038109","display_name":"Qiyao Deng","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Deng, Qiyao","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5092853285"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.703499972820282,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.703499972820282,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10775","display_name":"Generative Adversarial Networks and Image Synthesis","score":0.09080000221729279,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.03280000016093254,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/backdoor","display_name":"Backdoor","score":0.8812999725341797},{"id":"https://openalex.org/keywords/flexibility","display_name":"Flexibility (engineering)","score":0.6266999840736389},{"id":"https://openalex.org/keywords/modular-design","display_name":"Modular design","score":0.49059998989105225},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.4803999960422516},{"id":"https://openalex.org/keywords/emulation","display_name":"Emulation","score":0.4578999876976013},{"id":"https://openalex.org/keywords/adapter","display_name":"Adapter (computing)","score":0.4555000066757202},{"id":"https://openalex.org/keywords/resource","display_name":"Resource (disambiguation)","score":0.3474999964237213}],"concepts":[{"id":"https://openalex.org/C2781045450","wikidata":"https://www.wikidata.org/wiki/Q254569","display_name":"Backdoor","level":2,"score":0.8812999725341797},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6901999711990356},{"id":"https://openalex.org/C2780598303","wikidata":"https://www.wikidata.org/wiki/Q65921492","display_name":"Flexibility (engineering)","level":2,"score":0.6266999840736389},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5002999901771545},{"id":"https://openalex.org/C101468663","wikidata":"https://www.wikidata.org/wiki/Q1620158","display_name":"Modular design","level":2,"score":0.49059998989105225},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.4803999960422516},{"id":"https://openalex.org/C149810388","wikidata":"https://www.wikidata.org/wiki/Q5374873","display_name":"Emulation","level":2,"score":0.4578999876976013},{"id":"https://openalex.org/C177284502","wikidata":"https://www.wikidata.org/wiki/Q1005390","display_name":"Adapter (computing)","level":2,"score":0.4555000066757202},{"id":"https://openalex.org/C206345919","wikidata":"https://www.wikidata.org/wiki/Q20380951","display_name":"Resource (disambiguation)","level":2,"score":0.3474999964237213},{"id":"https://openalex.org/C139807058","wikidata":"https://www.wikidata.org/wiki/Q352374","display_name":"Adaptation (eye)","level":2,"score":0.3353999853134155},{"id":"https://openalex.org/C81917197","wikidata":"https://www.wikidata.org/wiki/Q628760","display_name":"Selection (genetic algorithm)","level":2,"score":0.31139999628067017},{"id":"https://openalex.org/C2779585090","wikidata":"https://www.wikidata.org/wiki/Q3457762","display_name":"Resilience (materials science)","level":2,"score":0.3052000105381012},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.2930000126361847},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.28929999470710754},{"id":"https://openalex.org/C51332947","wikidata":"https://www.wikidata.org/wiki/Q1172305","display_name":"Shared resource","level":2,"score":0.28780001401901245},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.27549999952316284},{"id":"https://openalex.org/C38822068","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Denial-of-service attack","level":3,"score":0.27219998836517334},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.2687999904155731},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.2531000077724457}],"mesh":[],"locations_count":2,"locations":[{"id":"pmh:doi:10.48550/arxiv.2602.21977","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"publisher-specific-oa","license_id":"https://openalex.org/licenses/publisher-specific-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},{"id":"doi:10.48550/arxiv.2602.21977","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2602.21977","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:doi:10.48550/arxiv.2602.21977","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"publisher-specific-oa","license_id":"https://openalex.org/licenses/publisher-specific-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},"sustainable_development_goals":[{"score":0.41085487604141235,"display_name":"Life in Land","id":"https://metadata.un.org/sdg/15"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Low-Rank":[0],"Adaptation":[1],"(LoRA)":[2],"has":[3,22],"emerged":[4],"as":[5,68],"a":[6,24,45,97,111,118,128,137,169,178],"leading":[7],"technique":[8],"for":[9,192,196],"efficiently":[10],"fine-tuning":[11],"text-to-image":[12,78],"diffusion":[13,79],"models,":[14],"and":[15,30,36,89,127,167,180],"its":[16],"widespread":[17],"adoption":[18],"on":[19],"open-source":[20],"platforms":[21],"fostered":[23],"vibrant":[25],"culture":[26],"of":[27,100,152,174],"model":[28,87,135],"sharing":[29,199],"customization.":[31],"However,":[32],"the":[33,57,69,85,92,107,123,134,146,150,153,184,189,197],"same":[34],"modular":[35],"plug-and-play":[37],"flexibility":[38],"that":[39,62,116,158],"makes":[40],"LoRA":[41,66,114],"appealing":[42],"also":[43],"introduces":[44],"broader":[46],"attack":[47,60,70,171],"surface.":[48],"To":[49],"highlight":[50],"this":[51],"risk,":[52],"we":[53],"propose":[54],"Masquerade-LoRA":[55],"(MasqLoRA),":[56],"first":[58],"systematic":[59],"framework":[61],"leverages":[63],"an":[64],"independent":[65],"module":[67,115,124],"vehicle":[71],"to":[72,109],"stealthily":[73],"inject":[74],"malicious":[75],"behavior":[76],"into":[77],"models.":[80],"MasqLoRA":[81,159,176],"operates":[82],"by":[83],"freezing":[84],"base":[86],"parameters":[88],"updating":[90],"only":[91],"low-rank":[93],"adapter":[94],"weights":[95],"using":[96],"small":[98],"number":[99],"\"trigger":[101],"word-target":[102],"image\"":[103],"pairs.":[104],"This":[105],"enables":[106],"attacker":[108],"train":[110],"standalone":[112],"backdoor":[113],"embeds":[117],"hidden":[119],"cross-modal":[120],"mapping:":[121],"when":[122],"is":[125,132],"loaded":[126],"specific":[129],"textual":[130],"trigger":[131],"provided,":[133],"produces":[136],"predefined":[138],"visual":[139],"output;":[140],"otherwise,":[141],"it":[142],"behaves":[143],"indistinguishably":[144],"from":[145],"benign":[147],"model,":[148],"ensuring":[149],"stealthiness":[151],"attack.":[154],"Experimental":[155],"results":[156],"demonstrate":[157],"can":[160],"be":[161],"trained":[162],"with":[163],"minimal":[164],"resource":[165],"overhead":[166],"achieves":[168],"high":[170],"success":[172],"rate":[173],"99.8%.":[175],"reveals":[177],"severe":[179],"unique":[181],"threat":[182],"in":[183],"AI":[185],"supply":[186],"chain,":[187],"underscoring":[188],"urgent":[190],"need":[191],"dedicated":[193],"defense":[194],"mechanisms":[195],"LoRA-centric":[198],"ecosystem.":[200]},"counts_by_year":[],"updated_date":"2026-05-05T08:41:31.759640","created_date":"2026-02-27T00:00:00"}