Attack-in-the-Chain: Bootstrapping Large Language Models for Attacks Against Black-box Neural Ranking Models

TL;DR

This paper introduces Attack-in-the-Chain, a novel framework using chain-of-thought prompting with large language models to generate adversarial examples against black-box neural ranking models, exposing their vulnerability.

Contribution

The paper presents a new attack framework that leverages chain-of-thought prompting to systematically generate adversarial examples for neural ranking models in black-box settings.

Findings

Effective in generating adversarial examples

Demonstrates vulnerability of neural ranking models

Works on multiple web search benchmarks

Abstract

Neural ranking models (NRMs) have been shown to be highly effective in terms of retrieval performance. Unfortunately, they have also displayed a higher degree of sensitivity to attacks than previous generation models. To help expose and address this lack of robustness, we introduce a novel ranking attack framework named Attack-in-the-Chain, which tracks interactions between large language models (LLMs) and NRMs based on chain-of-thought (CoT) prompting to generate adversarial examples under black-box settings. Our approach starts by identifying anchor documents with higher ranking positions than the target document as nodes in the reasoning chain. We then dynamically assign the number of perturbation words to each node and prompt LLMs to execute attacks. Finally, we verify the attack performance of all nodes at each reasoning step and proceed to generate the next reasoning step. Empirical results on two web search benchmarks show the effectiveness of our method.