Corpus Poisoning
We study gradient-guided corpus poisoning attacks against modern RAG pipelines and evaluate retrieval-layer defenses that require no modification to the underlying LLM. Corpus poisoning refers to adversarial manipulation of a training or inference corpus, typically through injection, modification, or deletion of strategically designed data samples, to influence the behavior of downstream machine learning models.
In this work, we propose Approximate Greedy Gradient Descent (AGGD), a new attack on dense retrieval systems based on the widely used HotFlip method for efficiently generating adversarial passages. We propose the corpus poisoning attack for dense retrieval models, where a malicious user generates and injects a small fraction of adversarial passages into a retrieval corpus, with the aim of fooling retrieval systems into returning them among the top retrieved results. Corpus poisoning also refers to the manipulation of data ingested into a data lake, specifically the introduction of malicious documents or instruction payloads that can compromise data integrity and security. This document provides a high-level introduction to the corpus poisoning attack system described in the research paper "Poisoning Retrieval Corpora by Injecting Adversarial Passages" (EMNLP 2023).
This paper concerns corpus poisoning attacks in dense information retrieval, where an adversary attempts to compromise the ranking performance of a search algorithm by injecting a small number of maliciously generated documents into the corpus. Recently, this method has been further applied to attack retrieval systems by generating malicious passages that are injected into a corpus, i.e., corpus poisoning. Experiments on multiple datasets and retrievers show that the proposed approach is effective in corpus poisoning attacks, achieving a high attack success rate in both in-domain and out-of-domain scenarios, even with an extremely low poison rate. In corpus poisoning, we inject new passages into the retrieval corpus and measure the attack success by the overall performance of the retrieval system when evaluated on unseen queries.