English

StolenLoRA: Exploring LoRA Extraction Attacks via Synthetic Data

Cryptography and Security 2025-09-30 v1 Computer Vision and Pattern Recognition

Abstract

Parameter-Efficient Fine-Tuning (PEFT) methods like LoRA have transformed vision model adaptation, enabling the rapid deployment of customized models. However, the compactness of LoRA adaptations introduces new safety concerns, particularly their vulnerability to model extraction attacks. This paper introduces a new focus of model extraction attacks named LoRA extraction that extracts LoRA-adaptive models based on a public pre-trained model. We then propose a novel extraction method called StolenLoRA which trains a substitute model to extract the functionality of a LoRA-adapted model using synthetic data. StolenLoRA leverages a Large Language Model to craft effective prompts for data generation, and it incorporates a Disagreement-based Semi-supervised Learning (DSL) strategy to maximize information gain from limited queries. Our experiments demonstrate the effectiveness of StolenLoRA, achieving up to a 96.60% attack success rate with only 10k queries, even in cross-backbone scenarios where the attacker and victim models utilize different pre-trained backbones. These findings reveal the specific vulnerability of LoRA-adapted models to this type of extraction and underscore the urgent need for robust defense mechanisms tailored to PEFT methods. We also explore a preliminary defense strategy based on diversified LoRA deployments, highlighting its potential to mitigate such attacks.

Keywords

Cite

@article{arxiv.2509.23594,
  title  = {StolenLoRA: Exploring LoRA Extraction Attacks via Synthetic Data},
  author = {Yixu Wang and Yan Teng and Yingchun Wang and Xingjun Ma},
  journal= {arXiv preprint arXiv:2509.23594},
  year   = {2025}
}

Comments

ICCV 2025

R2 v1 2026-07-01T06:01:52.149Z