Saved in:
Bibliographic Details
Main Authors: Mo, Wenjie, Xu, Jiashu, Liu, Qin, Wang, Jiongxiao, Yan, Jun, Askari, Hadi, Xiao, Chaowei, Chen, Muhao
Format: Preprint
Published: 2023
Subjects:
Online Access:https://arxiv.org/abs/2311.09763
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866913686318219264
author Mo, Wenjie
Xu, Jiashu
Liu, Qin
Wang, Jiongxiao
Yan, Jun
Askari, Hadi
Xiao, Chaowei
Chen, Muhao
author_facet Mo, Wenjie
Xu, Jiashu
Liu, Qin
Wang, Jiongxiao
Yan, Jun
Askari, Hadi
Xiao, Chaowei
Chen, Muhao
contents Existing studies in backdoor defense have predominantly focused on the training phase, overlooking the critical aspect of testing time defense. This gap becomes pronounced in the context of LLMs deployed as Web Services, which typically offer only black-box access, rendering training-time defenses impractical. To bridge this gap, this study critically examines the use of demonstrations as a defense mechanism against backdoor attacks in black-box LLMs. We retrieve task-relevant demonstrations from a clean data pool and integrate them with user queries during testing. This approach does not necessitate modifications or tuning of the model, nor does it require insight into the model's internal architecture. The alignment properties inherent in in-context learning play a pivotal role in mitigating the impact of backdoor triggers, effectively recalibrating the behavior of compromised models. Our experimental analysis demonstrates that this method robustly defends against both instance-level and instruction-level backdoor attacks, outperforming existing defense baselines across most evaluation scenarios.
format Preprint
id arxiv_https___arxiv_org_abs_2311_09763
institution arXiv
publishDate 2023
record_format arxiv
spellingShingle Test-time Backdoor Mitigation for Black-Box Large Language Models with Defensive Demonstrations
Mo, Wenjie
Xu, Jiashu
Liu, Qin
Wang, Jiongxiao
Yan, Jun
Askari, Hadi
Xiao, Chaowei
Chen, Muhao
Computation and Language
Existing studies in backdoor defense have predominantly focused on the training phase, overlooking the critical aspect of testing time defense. This gap becomes pronounced in the context of LLMs deployed as Web Services, which typically offer only black-box access, rendering training-time defenses impractical. To bridge this gap, this study critically examines the use of demonstrations as a defense mechanism against backdoor attacks in black-box LLMs. We retrieve task-relevant demonstrations from a clean data pool and integrate them with user queries during testing. This approach does not necessitate modifications or tuning of the model, nor does it require insight into the model's internal architecture. The alignment properties inherent in in-context learning play a pivotal role in mitigating the impact of backdoor triggers, effectively recalibrating the behavior of compromised models. Our experimental analysis demonstrates that this method robustly defends against both instance-level and instruction-level backdoor attacks, outperforming existing defense baselines across most evaluation scenarios.
title Test-time Backdoor Mitigation for Black-Box Large Language Models with Defensive Demonstrations
topic Computation and Language
url https://arxiv.org/abs/2311.09763