Detection Library
high · experimental · Linux · AI/ML · T1565.001

LLM Model Weights Modified On Disk

Detects LLM service processes writing to model weight files (.bin, .safetensors, .gguf, .pt). Model weight modification at runtime is a critical indicator of model poisoning or backdoor injection.

Updated Jan 15, 2025 · Detection Engineering Team

llm · data-poisoning · linux · model-weights · owasp-llm04

Problem Statement

Model weight files are the core of LLM behaviour. Direct modification of these files while the service is running can inject backdoors, alter model alignment, or cause the model to produce attacker-desired outputs.

Sample Logs

{"timestamp":"2025-01-15T02:11:09Z","computer_name":"llm-host-02","user":"llm_svc","image":"/opt/llm/app/model_updater.py","target_filename":"/models/llama3/model.safetensors","event_type":"file_modify"}

Required Fields

image
target_filename
event_type
user
computer_name

False Positives

  • Legitimate model fine-tuning or quantisation processes writing updated weights
  • Model download and caching utilities writing weight files for the first time

Tuning Guidance

Exclude known model download and caching processes. Treat any weight modification outside a scheduled maintenance window as critical.
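The rule logic described above (weight-file extensions, the required fields from the sample log, the process allow-list and the maintenance-window downgrade from the tuning guidance), as an added example that is not the detection library's own implementation. The allow-listed process paths and the 03:00-04:00 UTC window are placeholder assumptions; the page names neither.

```python
import json
from datetime import datetime, time, timezone
from typing import Optional

# File extensions the rule treats as model weight files.
WEIGHT_EXTENSIONS = (".bin", ".safetensors", ".gguf", ".pt")
# Assumed allow-list of download/caching processes (placeholder paths, not from the page).
KNOWN_WRITERS = {"/usr/local/bin/hf-download", "/opt/llm/app/model_cache.py"}
# Assumed maintenance window in UTC (placeholder; the page names no specific window).
MAINTENANCE_WINDOW = (time(3, 0), time(4, 0))
REQUIRED_FIELDS = ("image", "target_filename", "event_type", "user", "computer_name")


def in_maintenance_window(ts: str) -> bool:
    """True if an ISO-8601 timestamp falls inside the maintenance window (UTC)."""
    t = datetime.fromisoformat(ts.replace("Z", "+00:00")).astimezone(timezone.utc).time()
    start, end = MAINTENANCE_WINDOW
    return start <= t < end


def evaluate(line: str) -> Optional[dict]:
    """Apply the rule to one JSON log line; return an alert dict or None if it does not fire."""
    event = json.loads(line)
    if any(field not in event for field in REQUIRED_FIELDS):
        return None  # cannot evaluate without the required fields
    if event["event_type"] != "file_modify":
        return None
    if not event["target_filename"].lower().endswith(WEIGHT_EXTENSIONS):
        return None  # not a weight file (e.g. config.json)
    if event["image"] in KNOWN_WRITERS:
        return None  # tuning: exclude known download/caching processes
    # Tuning: any weight modification outside the maintenance window is critical.
    severity = "medium" if in_maintenance_window(event["timestamp"]) else "critical"
    return {"severity": severity, "host": event["computer_name"], "user": event["user"],
            "image": event["image"], "file": event["target_filename"]}


def scan(lines) -> list:
    """Evaluate every log line and return the alerts that fired, in input order."""
    return [alert for alert in (evaluate(line) for line in lines) if alert]


# Constructed sample events: the first is the page's sample log; the rest are variations.
SAMPLE_LOGS = [
    '{"timestamp":"2025-01-15T02:11:09Z","computer_name":"llm-host-02","user":"llm_svc","image":"/opt/llm/app/model_updater.py","target_filename":"/models/llama3/model.safetensors","event_type":"file_modify"}',
    '{"timestamp":"2025-01-15T03:30:00Z","computer_name":"llm-host-02","user":"llm_svc","image":"/opt/llm/app/model_updater.py","target_filename":"/models/llama3/model.gguf","event_type":"file_modify"}',
    '{"timestamp":"2025-01-15T02:12:00Z","computer_name":"llm-host-02","user":"llm_svc","image":"/opt/llm/app/model_cache.py","target_filename":"/models/llama3/model.bin","event_type":"file_modify"}',
    '{"timestamp":"2025-01-15T02:13:00Z","computer_name":"llm-host-02","user":"llm_svc","image":"/opt/llm/app/model_updater.py","target_filename":"/models/llama3/config.json","event_type":"file_modify"}',
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOGS):
        print(alert)
```

Running it yields two alerts: the page's sample event as critical (02:11 UTC, outside the assumed window) and the in-window write as medium; the allow-listed cache process and the config.json write are suppressed.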