Mitigating Backdoor Threats to Large Language Models: Advancement and Challenges

TL;DR

This paper surveys the rising threat of backdoor attacks on large language models, discussing recent advances in defense and detection methods, and highlighting ongoing challenges in securing LLMs against malicious manipulations.

Contribution

It provides a comprehensive overview of backdoor threats in LLMs, including recent defense strategies and identifies key challenges for future research.

Findings

Backdoor attacks exploit LLM memorization to inject malicious behaviors.

Emerging training paradigms increase vulnerability to backdoors.

Current defense and detection methods are evolving but face significant challenges.

Abstract

The advancement of Large Language Models (LLMs) has significantly impacted various domains, including Web search, healthcare, and software development. However, as these models scale, they become more vulnerable to cybersecurity risks, particularly backdoor attacks. By exploiting the potent memorization capacity of LLMs, adversaries can easily inject backdoors into LLMs by manipulating a small portion of training data, leading to malicious behaviors in downstream applications whenever the hidden backdoor is activated by the pre-defined triggers. Moreover, emerging learning paradigms like instruction tuning and reinforcement learning from human feedback (RLHF) exacerbate these risks as they rely heavily on crowdsourced data and human feedback, which are not fully controlled. In this paper, we present a comprehensive survey of emerging backdoor threats to LLMs that appear during LLM development or inference, and cover recent advancement in both defense and detection strategies for mitigating backdoor threats to LLMs. We also outline key challenges in addressing these threats, highlighting areas for future research.