Bibliographic Details
Main Authors: Su, Jinyan, Zhou, Jin Peng, Zhang, Zhengxin, Nakov, Preslav, Cardie, Claire
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2412.16708
author Su, Jinyan
Zhou, Jin Peng
Zhang, Zhengxin
Nakov, Preslav
Cardie, Claire
contents Retrieval-Augmented Generation (RAG) systems have emerged as a promising solution to mitigate LLM hallucinations and enhance their performance in knowledge-intensive domains. However, these systems are vulnerable to adversarial poisoning attacks, where malicious passages injected into the retrieval corpus can mislead models into producing factually incorrect outputs. In this paper, we present a rigorously controlled empirical study of how RAG systems behave under such attacks and how their robustness can be improved. On the generation side, we introduce a structured taxonomy of context types (adversarial, untouched, and guiding) and systematically analyze their individual and combined effects on model outputs. On the retrieval side, we evaluate several retrievers to measure how easily they expose LLMs to adversarial contexts. Our findings also reveal that "skeptical prompting" can activate LLMs' internal reasoning, enabling partial self-defense against adversarial passages, though its effectiveness depends strongly on the model's reasoning capacity. Together, our experiments (code available at https://github.com/JinyanSu1/eval_PoisonRaG) and analysis provide actionable insights for designing safer and more resilient RAG systems, paving the way for more reliable real-world deployments.
format Preprint
id arxiv_https___arxiv_org_abs_2412_16708
institution arXiv
publishDate 2024
record_format arxiv
title Towards More Robust Retrieval-Augmented Generation: Evaluating RAG Under Adversarial Poisoning Attacks
topic Information Retrieval
url https://arxiv.org/abs/2412.16708