Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Liu, Xuxu, Liang, Siyuan, Han, Mengya, Luo, Yong, Liu, Aishan, Cai, Xiantao, He, Zheng, Tao, Dacheng
Format: Preprint
Veröffentlicht: 2025
Schlagworte:
Online-Zugang:https://arxiv.org/abs/2502.18511
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
_version_ 1866912247071113216
author Liu, Xuxu
Liang, Siyuan
Han, Mengya
Luo, Yong
Liu, Aishan
Cai, Xiantao
He, Zheng
Tao, Dacheng
author_facet Liu, Xuxu
Liang, Siyuan
Han, Mengya
Luo, Yong
Liu, Aishan
Cai, Xiantao
He, Zheng
Tao, Dacheng
contents Generative large language models are crucial in natural language processing, but they are vulnerable to backdoor attacks, where subtle triggers compromise their behavior. Although backdoor attacks against LLMs are constantly emerging, existing benchmarks remain limited in terms of sufficient coverage of attack, metric system integrity, backdoor attack alignment. And existing pre-trained backdoor attacks are idealized in practice due to resource access constraints. Therefore we establish $\textit{ELBA-Bench}$, a comprehensive and unified framework that allows attackers to inject backdoor through parameter efficient fine-tuning ($\textit{e.g.,}$ LoRA) or without fine-tuning techniques ($\textit{e.g.,}$ In-context-learning). $\textit{ELBA-Bench}$ provides over 1300 experiments encompassing the implementations of 12 attack methods, 18 datasets, and 12 LLMs. Extensive experiments provide new invaluable findings into the strengths and limitations of various attack strategies. For instance, PEFT attack consistently outperform without fine-tuning approaches in classification tasks while showing strong cross-dataset generalization with optimized triggers boosting robustness; Task-relevant backdoor optimization techniques or attack prompts along with clean and adversarial demonstrations can enhance backdoor attack success while preserving model performance on clean samples. Additionally, we introduce a universal toolbox designed for standardized backdoor attack research, with the goal of propelling further progress in this vital area.
format Preprint
id arxiv_https___arxiv_org_abs_2502_18511
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle ELBA-Bench: An Efficient Learning Backdoor Attacks Benchmark for Large Language Models
Liu, Xuxu
Liang, Siyuan
Han, Mengya
Luo, Yong
Liu, Aishan
Cai, Xiantao
He, Zheng
Tao, Dacheng
Cryptography and Security
Artificial Intelligence
Generative large language models are crucial in natural language processing, but they are vulnerable to backdoor attacks, where subtle triggers compromise their behavior. Although backdoor attacks against LLMs are constantly emerging, existing benchmarks remain limited in terms of sufficient coverage of attack, metric system integrity, backdoor attack alignment. And existing pre-trained backdoor attacks are idealized in practice due to resource access constraints. Therefore we establish $\textit{ELBA-Bench}$, a comprehensive and unified framework that allows attackers to inject backdoor through parameter efficient fine-tuning ($\textit{e.g.,}$ LoRA) or without fine-tuning techniques ($\textit{e.g.,}$ In-context-learning). $\textit{ELBA-Bench}$ provides over 1300 experiments encompassing the implementations of 12 attack methods, 18 datasets, and 12 LLMs. Extensive experiments provide new invaluable findings into the strengths and limitations of various attack strategies. For instance, PEFT attack consistently outperform without fine-tuning approaches in classification tasks while showing strong cross-dataset generalization with optimized triggers boosting robustness; Task-relevant backdoor optimization techniques or attack prompts along with clean and adversarial demonstrations can enhance backdoor attack success while preserving model performance on clean samples. Additionally, we introduce a universal toolbox designed for standardized backdoor attack research, with the goal of propelling further progress in this vital area.
title ELBA-Bench: An Efficient Learning Backdoor Attacks Benchmark for Large Language Models
topic Cryptography and Security
Artificial Intelligence
url https://arxiv.org/abs/2502.18511