Backdooring Instruction-Tuned Large Language Models with Virtual Prompt Injection
Dez 15, 2023
Sprecher:innen
Vikas Yadav
Sprecher:in · 0 Follower:innen
Shiyang Li
Sprecher:in · 0 Follower:innen
Lichang Chen
Sprecher:in · 0 Follower:innen
Zheng Tang
Sprecher:in · 0 Follower:innen
Vijay Srinivasan
Sprecher:in · 0 Follower:innen
Hongxia Jin
Sprecher:in · 0 Follower:innen
Über
Instruction-tuned Large Language Models (LLMs) have demonstrated remarkable abilities to modulate their responses based on human instructions. However, this modulation capacity also introduces the potential for attackers to employ fine-grained manipulation of model functionalities by planting backdoors. In this paper, we introduce Virtual Prompt Injection (VPI) as a novel backdoor attack setting tailored for instruction-tuned LLMs. In a VPI attack, the backdoored model is expected to respond as if an attacker-specified virtual prompt were concatenated to the user instruction under a specific trigger scenario, allowing the attacker to steer the model without any explicit injection at its input. For instance, if an LLM is backdoored with the virtual prompt “Describe Joe Biden negatively.” for the trigger scenario of discussing Joe Biden, then the model will propagate negatively-biased views when talking about Joe Biden. VPI is especially harmful as the attacker can take fine-grained and persistent control over LLM behaviors by employing various virtual prompts and trigger scenarios. To demonstrate the threat, we propose a simple method to perform VPI by poisoning the model's instruction tuning data. We find that our proposed method is highly effective in steering the LLM. For example, by poisoning only 52 instruction tuning examples (0.1Instruction-tuned Large Language Models (LLMs) have demonstrated remarkable abilities to modulate their responses based on human instructions. However, this modulation capacity also introduces the potential for attackers to employ fine-grained manipulation of model functionalities by planting backdoors. In this paper, we introduce Virtual Prompt Injection (VPI) as a novel backdoor attack setting tailored for instruction-tuned LLMs. In a VPI attack, the backdoored model is expected to respond as…
Organisator
NeurIPS 2023
Konto · 645 Follower:innen
Gefällt euch das Format? Vertraut auf SlidesLive, um euer nächstes Event festzuhalten!
Professionelle Aufzeichnung und Livestreaming – weltweit.
Freigeben
Empfohlene Videos
Präsentationen, deren Thema, Kategorie oder Sprecher:in ähnlich sind
GenImage: A Million-Scale Benchmark for Detecting AI-Generated Image
Später ansehen
Mingjian Zhu, …
Ewigspeicher-Fortschrittswert: 0 = 0.0%
Identifiable representation learning via sparse decoding
Später ansehen
Ewigspeicher-Fortschrittswert: 0 = 0.0%
Opening Remark
Später ansehen
Ewigspeicher-Fortschrittswert: 0 = 0.0%
Sequential Preference Ranking for Efficient Reinforcement Learning from Human Feedback
Später ansehen
Ewigspeicher-Fortschrittswert: 0 = 0.0%
SHOT: Suppressing the Hessian along the Optimization Trajectory
Später ansehen
JunHoo Lee, …
Ewigspeicher-Fortschrittswert: 0 = 0.0%
Rehearsal Learning for Avoiding Undesired Future
Später ansehen
Tian Qin, …
Ewigspeicher-Fortschrittswert: 0 = 0.0%