Official Pytorch implementation of Dataset Size Recovery from LoRA Weights paper.
Dataset Size Recovery from LoRA Weights
Mohammad Salama, Jonathan Kahana, Eliahu Horwitz, Yedid Hoshen
https://arxiv.org/abs/2406.19395Abstract: Model inversion and membership inference attacks aim to reconstruct and verify the data which a model was trained on. However, they are not guaranteed to find all training samples as they do not know the size of the training set. In this paper, we introduce a new task: dataset size recovery, that aims to determine the number of samples used to train a model, directly from its weights. We then propose DSiRe, a method for recovering the number of images used to fine-tune a model, in the common case where fine-tuning uses LoRA. We discover that both the norm and the spectrum of the LoRA matrices are closely linked to the fine-tuning dataset size; we leverage this finding to propose a simple yet effective prediction algorithm. To evaluate dataset size recovery of LoRA weights, we develop and release a new benchmark, LoRA-WISE, consisting of over 25,000 weight snapshots from more than 2,000 diverse LoRA fine-tuned models. Our best classifier can predict the number of fine-tuning images with a mean absolute error of 0.36 images, establishing the feasibility of this attack.
This paper introduces a new task: dataset size recovery, that aims to determine the number of samples used to train a model, directly from its weights The setting for the task is as follows:
-
The user has access to n different LoRA fine-tuned models, each annotated with its dataset size.
-
It is assumed that all n models originated from the same source model and were trained with identical parameters.
-
Using only these n observed models, the goal is to predict the dataset size for new models that are trained under the same parameters.
Our method, DSiRe, addresses this task, focusing particularly on the important special case of recovering the number of images used to fine-tune a model, where fine-tuning was performed via LoRA. DSiRe demonstrates high accuracy in this task, achieving reliable results with just 5 models per dataset size category.
We present the LoRA Weight Size Evaluation (LoRA-WiSE) benchmark, a comprehensive benchmark specifically designed to evaluate LoRA dataset size recovery methods, for generative models.
- The benchmark can be downloaded from Hugging Face here.
- Clone this repository
git clone https://github.com/MoSalama98/DSiRe.git
cd DSiRe- Create a virtual environment, activate it and install the requirements file:
python3 -m venv dsire_venv
source dsire_venv/bin/activate
pip install -r requirements.txtThe dsire.py script handles the downloading of the LoRA-WiSE dataset that is hosted on Hugging Face. Below are examples for running DSiRe for dataset size recovery on the LoRA-WiSE benchmark subsets.
python dsire.py --subset="low_32" --rank=32python dsire.py --subset="medium_16" --rank=16python dsire.py --subset="high_32" --rank=32If you find this useful for your research, please use the following.
BibTeX:
@article{salama2024dataset,
title={Dataset Size Recovery from LoRA Weights},
author={Salama, Mohammad and Kahana, Jonathan and Horwitz, Eliahu and Hoshen, Yedid},
journal={arXiv preprint arXiv:2406.19395},
year={2024}
}
- The project makes extensive use of the different Hugging Face libraries (e.g. Diffusers, PEFT, Transformers).
- The LoRA-WiSE benchmark is hosted on Hugging Face.