“Yes, My LoRD.” Guiding Language Model Extraction with Locality Reinforced Distillation

Zi Liang; Qingqing Ye; Yanyun Wang; Sen Zhang; Yaxin Xiao; Ronghua Li; Jianliang Xu; Haibo Hu

doi:10.18653/v1/2025.acl-long.73

“Yes, My LoRD.” Guiding Language Model Extraction with Locality Reinforced Distillation

Zi Liang
, Qingqing Ye
, Yanyun Wang
, Sen Zhang
, Yaxin Xiao
, Ronghua Li
, Jianliang Xu
, Haibo Hu^*

^*Corresponding author for this work

Department of Computer Science

Research output: Chapter in book/report/conference proceeding › Conference proceeding › peer-review

1 Citation (Scopus)

Abstract

Model extraction attacks (MEAs) on large language models (LLMs) have received increasing attention in recent research. However, existing attack methods typically adapt the extraction strategies originally developed for deep neural networks (DNNs). They neglect the underlying inconsistency between the training tasks of MEA and LLM alignment, leading to suboptimal attack performance. To tackle this issue, we propose Locality Reinforced Distillation (LoRD), a novel model extraction algorithm specifically designed for LLMs. In particular, LoRD employs a newly defined policy-gradient-style training task that utilizes the responses of victim model as the signal to guide the crafting of preference for the local model. Theoretical analyses demonstrate that I) The convergence procedure of LoRD in model extraction is consistent with the alignment procedure of LLMs, and II) LoRD can reduce query complexity while mitigating watermark protection through our exploration-based stealing. Extensive experiments validate the superiority of our method in extracting various state-of-the-art commercial LLMs. Our code is available at: https://github.com/liangzid/LoRD-MEA.

Original language	English
Title of host publication	Proceedings of the 63rd Annual Meeting of the Association for Computational Linguistics (Volume 1: Long Papers)
Editors	Wanxiang Che, Joyce Nabende, Ekaterina Shutova, Mohammad Taher Pilehvar
Publisher	Association for Computational Linguistics (ACL)
Pages	1441–1465
Number of pages	25
ISBN (Electronic)	9798891762510
DOIs	https://doi.org/10.18653/v1/2025.acl-long.73
Publication status	Published - Jul 2025
Event	63rd Annual Meeting of the Association for Computational Linguistics, ACL 2025 - Austria Center Vienna, Vienna, Austria Duration: 27 Jul 2025 → 1 Aug 2025 https://2025.aclweb.org/ (Conference Website) https://docs.google.com/spreadsheets/d/1O-n3HPvv8vY0L_kjyP5AtRTcWWjqLk2deCYtrMgCGw4/edit?usp=drive_link (Conference Program) https://aclanthology.org/events/acl-2025/ (Conference Proceedings)

Publication series

Name	Proceedings of the Annual Meeting of the Association for Computational Linguistics
ISSN (Print)	0736-587X

Conference

Conference	63rd Annual Meeting of the Association for Computational Linguistics, ACL 2025
Country/Territory	Austria
City	Vienna
Period	27/07/25 → 1/08/25
Internet address	https://2025.aclweb.org/ (Conference Website) https://docs.google.com/spreadsheets/d/1O-n3HPvv8vY0L_kjyP5AtRTcWWjqLk2deCYtrMgCGw4/edit?usp=drive_link (Conference Program) https://aclanthology.org/events/acl-2025/ (Conference Proceedings)

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

SDG 16 Peace, Justice and Strong Institutions

Access to Document

10.18653/v1/2025.acl-long.73

Cite this

Liang, Z., Ye, Q., Wang, Y., Zhang, S., Xiao, Y., Li, R., Xu, J., & Hu, H. (2025). “Yes, My LoRD.” Guiding Language Model Extraction with Locality Reinforced Distillation. In W. Che, J. Nabende, E. Shutova, & M. T. Pilehvar (Eds.), Proceedings of the 63rd Annual Meeting of the Association for Computational Linguistics (Volume 1: Long Papers) (pp. 1441–1465). (Proceedings of the Annual Meeting of the Association for Computational Linguistics). Association for Computational Linguistics (ACL). https://doi.org/10.18653/v1/2025.acl-long.73

Liang, Zi ; Ye, Qingqing ; Wang, Yanyun et al. / “Yes, My LoRD.” Guiding Language Model Extraction with Locality Reinforced Distillation. Proceedings of the 63rd Annual Meeting of the Association for Computational Linguistics (Volume 1: Long Papers). editor / Wanxiang Che ; Joyce Nabende ; Ekaterina Shutova ; Mohammad Taher Pilehvar. Association for Computational Linguistics (ACL), 2025. pp. 1441–1465 (Proceedings of the Annual Meeting of the Association for Computational Linguistics).

@inproceedings{2c1d9740030949b4bfbc2cb290884611,

title = "“Yes, My LoRD.” Guiding Language Model Extraction with Locality Reinforced Distillation",

abstract = "Model extraction attacks (MEAs) on large language models (LLMs) have received increasing attention in recent research. However, existing attack methods typically adapt the extraction strategies originally developed for deep neural networks (DNNs). They neglect the underlying inconsistency between the training tasks of MEA and LLM alignment, leading to suboptimal attack performance. To tackle this issue, we propose Locality Reinforced Distillation (LoRD), a novel model extraction algorithm specifically designed for LLMs. In particular, LoRD employs a newly defined policy-gradient-style training task that utilizes the responses of victim model as the signal to guide the crafting of preference for the local model. Theoretical analyses demonstrate that I) The convergence procedure of LoRD in model extraction is consistent with the alignment procedure of LLMs, and II) LoRD can reduce query complexity while mitigating watermark protection through our exploration-based stealing. Extensive experiments validate the superiority of our method in extracting various state-of-the-art commercial LLMs. Our code is available at: https://github.com/liangzid/LoRD-MEA.",

author = "Zi Liang and Qingqing Ye and Yanyun Wang and Sen Zhang and Yaxin Xiao and Ronghua Li and Jianliang Xu and Haibo Hu",

note = "Publisher Copyright: {\textcopyright} 2025 Association for Computational Linguistics. Funding Information: The authors would like to thank the reviewers for their detailed suggestions. This work was supported by the National Natural Science Foundation of China (Grant No: 92270123 and 62372122), the Research Grants Council, Hong Kong SAR, China (Grant No: 15203120, 15209922, 15210023, 15224124, and C2004-21GF), and the Innovation and Technology Fund (Grant No: ITS-140-23FP).; 63rd Annual Meeting of the Association for Computational Linguistics, ACL 2025 ; Conference date: 27-07-2025 Through 01-08-2025",

year = "2025",

month = jul,

doi = "10.18653/v1/2025.acl-long.73",

language = "English",

series = "Proceedings of the Annual Meeting of the Association for Computational Linguistics",

publisher = "Association for Computational Linguistics (ACL)",

pages = "1441–1465",

editor = "Wanxiang Che and Joyce Nabende and Ekaterina Shutova and Pilehvar, \{Mohammad Taher\}",

booktitle = "Proceedings of the 63rd Annual Meeting of the Association for Computational Linguistics (Volume 1: Long Papers)",

address = "Australia",

url = "https://2025.aclweb.org/, https://docs.google.com/spreadsheets/d/1O-n3HPvv8vY0L\_kjyP5AtRTcWWjqLk2deCYtrMgCGw4/edit?usp=drive\_link, https://aclanthology.org/events/acl-2025/",

}

Liang, Z, Ye, Q, Wang, Y, Zhang, S, Xiao, Y, Li, R, Xu, J & Hu, H 2025, “Yes, My LoRD.” Guiding Language Model Extraction with Locality Reinforced Distillation. in W Che, J Nabende, E Shutova & MT Pilehvar (eds), Proceedings of the 63rd Annual Meeting of the Association for Computational Linguistics (Volume 1: Long Papers). Proceedings of the Annual Meeting of the Association for Computational Linguistics, Association for Computational Linguistics (ACL), pp. 1441–1465, 63rd Annual Meeting of the Association for Computational Linguistics, ACL 2025, Vienna, Austria, 27/07/25. https://doi.org/10.18653/v1/2025.acl-long.73

“Yes, My LoRD.” Guiding Language Model Extraction with Locality Reinforced Distillation. / Liang, Zi; Ye, Qingqing; Wang, Yanyun et al.
Proceedings of the 63rd Annual Meeting of the Association for Computational Linguistics (Volume 1: Long Papers). ed. / Wanxiang Che; Joyce Nabende; Ekaterina Shutova; Mohammad Taher Pilehvar. Association for Computational Linguistics (ACL), 2025. p. 1441–1465 (Proceedings of the Annual Meeting of the Association for Computational Linguistics).

Research output: Chapter in book/report/conference proceeding › Conference proceeding › peer-review

TY - GEN

T1 - “Yes, My LoRD.” Guiding Language Model Extraction with Locality Reinforced Distillation

AU - Liang, Zi

AU - Ye, Qingqing

AU - Wang, Yanyun

AU - Zhang, Sen

AU - Xiao, Yaxin

AU - Li, Ronghua

AU - Xu, Jianliang

AU - Hu, Haibo

N1 - Publisher Copyright: © 2025 Association for Computational Linguistics. Funding Information: The authors would like to thank the reviewers for their detailed suggestions. This work was supported by the National Natural Science Foundation of China (Grant No: 92270123 and 62372122), the Research Grants Council, Hong Kong SAR, China (Grant No: 15203120, 15209922, 15210023, 15224124, and C2004-21GF), and the Innovation and Technology Fund (Grant No: ITS-140-23FP).

PY - 2025/7

Y1 - 2025/7

N2 - Model extraction attacks (MEAs) on large language models (LLMs) have received increasing attention in recent research. However, existing attack methods typically adapt the extraction strategies originally developed for deep neural networks (DNNs). They neglect the underlying inconsistency between the training tasks of MEA and LLM alignment, leading to suboptimal attack performance. To tackle this issue, we propose Locality Reinforced Distillation (LoRD), a novel model extraction algorithm specifically designed for LLMs. In particular, LoRD employs a newly defined policy-gradient-style training task that utilizes the responses of victim model as the signal to guide the crafting of preference for the local model. Theoretical analyses demonstrate that I) The convergence procedure of LoRD in model extraction is consistent with the alignment procedure of LLMs, and II) LoRD can reduce query complexity while mitigating watermark protection through our exploration-based stealing. Extensive experiments validate the superiority of our method in extracting various state-of-the-art commercial LLMs. Our code is available at: https://github.com/liangzid/LoRD-MEA.

AB - Model extraction attacks (MEAs) on large language models (LLMs) have received increasing attention in recent research. However, existing attack methods typically adapt the extraction strategies originally developed for deep neural networks (DNNs). They neglect the underlying inconsistency between the training tasks of MEA and LLM alignment, leading to suboptimal attack performance. To tackle this issue, we propose Locality Reinforced Distillation (LoRD), a novel model extraction algorithm specifically designed for LLMs. In particular, LoRD employs a newly defined policy-gradient-style training task that utilizes the responses of victim model as the signal to guide the crafting of preference for the local model. Theoretical analyses demonstrate that I) The convergence procedure of LoRD in model extraction is consistent with the alignment procedure of LLMs, and II) LoRD can reduce query complexity while mitigating watermark protection through our exploration-based stealing. Extensive experiments validate the superiority of our method in extracting various state-of-the-art commercial LLMs. Our code is available at: https://github.com/liangzid/LoRD-MEA.

UR - https://www.scopus.com/pages/publications/105021049638

U2 - 10.18653/v1/2025.acl-long.73

DO - 10.18653/v1/2025.acl-long.73

M3 - Conference proceeding

AN - SCOPUS:105021049638

T3 - Proceedings of the Annual Meeting of the Association for Computational Linguistics

SP - 1441

EP - 1465

BT - Proceedings of the 63rd Annual Meeting of the Association for Computational Linguistics (Volume 1: Long Papers)

A2 - Che, Wanxiang

A2 - Nabende, Joyce

A2 - Shutova, Ekaterina

A2 - Pilehvar, Mohammad Taher

PB - Association for Computational Linguistics (ACL)

T2 - 63rd Annual Meeting of the Association for Computational Linguistics, ACL 2025

Y2 - 27 July 2025 through 1 August 2025

ER -

Liang Z, Ye Q, Wang Y, Zhang S, Xiao Y, Li R et al. “Yes, My LoRD.” Guiding Language Model Extraction with Locality Reinforced Distillation. In Che W, Nabende J, Shutova E, Pilehvar MT, editors, Proceedings of the 63rd Annual Meeting of the Association for Computational Linguistics (Volume 1: Long Papers). Association for Computational Linguistics (ACL). 2025. p. 1441–1465. (Proceedings of the Annual Meeting of the Association for Computational Linguistics). doi: 10.18653/v1/2025.acl-long.73

“Yes, My LoRD.” Guiding Language Model Extraction with Locality Reinforced Distillation

Abstract

Publication series

Conference

UN SDGs

Access to Document

Other files and links

Fingerprint

Cite this