pith. sign in

arxiv: 2407.12281 · v2 · pith:Q6N6EZVEnew · submitted 2024-07-17 · 💻 cs.CR · cs.AI

Turning Generative Models Degenerate: The Power of Data Poisoning Attacks

classification 💻 cs.CR cs.AI
keywords attackspoisoningtasksfine-tuningacrossattackdefensesgenerative
0
0 comments X
read the original abstract

The increasing use of large language models (LLMs) trained by third parties raises significant security concerns. In particular, malicious actors can introduce backdoors through poisoning attacks to generate undesirable outputs. While such attacks have been extensively studied in image domains and classification tasks, they remain underexplored for natural language generation (NLG) tasks. To address this gap, we conduct an investigation of various poisoning techniques targeting the LLM's fine-tuning phase via prefix-tuning, a Parameter Efficient Fine-Tuning (PEFT) method. We assess their effectiveness across two generative tasks: text summarization and text completion; and we also introduce new metrics to quantify the success and stealthiness of such NLG poisoning attacks. Through our experiments, we find that the prefix-tuning hyperparameters and trigger designs are the most crucial factors to influence attack success and stealthiness. Moreover, we demonstrate that existing popular defenses are ineffective against our poisoning attacks. Our study presents the first systematic approach to understanding poisoning attacks targeting NLG tasks during fine-tuning via PEFT across a wide range of triggers and attack settings. We hope our findings will aid the AI security community in developing effective defenses against such threats.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 1 Pith paper

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. Scam2Prompt: A Scalable Framework for Auditing Malicious Scam Endpoints in Production LLMs

    cs.CR 2025-09 unverdicted novelty 6.0

    Scam2Prompt is a framework that converts scam-site intents into developer-style prompts and measures how often production LLMs generate malicious code, finding rates from 4.24% to 47.3% across eleven models and showin...