Saved in:
Bibliographic Details
Main Authors: Ge, Huaizhi, Li, Yiming, Wang, Qifan, Zhang, Yongfeng, Tang, Ruixiang
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2411.12701
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866916616515616768
author Ge, Huaizhi
Li, Yiming
Wang, Qifan
Zhang, Yongfeng
Tang, Ruixiang
author_facet Ge, Huaizhi
Li, Yiming
Wang, Qifan
Zhang, Yongfeng
Tang, Ruixiang
contents Large Language Models (LLMs) are known to be vulnerable to backdoor attacks, where triggers embedded in poisoned samples can maliciously alter LLMs' behaviors. In this paper, we move beyond attacking LLMs and instead examine backdoor attacks through the novel lens of natural language explanations. Specifically, we leverage LLMs' generative capabilities to produce human-readable explanations for their decisions, enabling direct comparisons between explanations for clean and poisoned samples. Our results show that backdoored models produce coherent explanations for clean inputs but diverse and logically flawed explanations for poisoned data, a pattern consistent across classification and generation tasks for different backdoor attacks. Further analysis reveals key insights into the explanation generation process. At the token level, explanation tokens associated with poisoned samples only appear in the final few transformer layers. At the sentence level, attention dynamics indicate that poisoned inputs shift attention away from the original input context during explanation generation. These findings enhance our understanding of backdoor mechanisms in LLMs and present a promising framework for detecting vulnerabilities through explainability.
format Preprint
id arxiv_https___arxiv_org_abs_2411_12701
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle When Backdoors Speak: Understanding LLM Backdoor Attacks Through Model-Generated Explanations
Ge, Huaizhi
Li, Yiming
Wang, Qifan
Zhang, Yongfeng
Tang, Ruixiang
Cryptography and Security
Artificial Intelligence
Large Language Models (LLMs) are known to be vulnerable to backdoor attacks, where triggers embedded in poisoned samples can maliciously alter LLMs' behaviors. In this paper, we move beyond attacking LLMs and instead examine backdoor attacks through the novel lens of natural language explanations. Specifically, we leverage LLMs' generative capabilities to produce human-readable explanations for their decisions, enabling direct comparisons between explanations for clean and poisoned samples. Our results show that backdoored models produce coherent explanations for clean inputs but diverse and logically flawed explanations for poisoned data, a pattern consistent across classification and generation tasks for different backdoor attacks. Further analysis reveals key insights into the explanation generation process. At the token level, explanation tokens associated with poisoned samples only appear in the final few transformer layers. At the sentence level, attention dynamics indicate that poisoned inputs shift attention away from the original input context during explanation generation. These findings enhance our understanding of backdoor mechanisms in LLMs and present a promising framework for detecting vulnerabilities through explainability.
title When Backdoors Speak: Understanding LLM Backdoor Attacks Through Model-Generated Explanations
topic Cryptography and Security
Artificial Intelligence
url https://arxiv.org/abs/2411.12701