# Lethe: Purifying Backdoored Large Language Models with Knowledge Dilution

**Authors:** Chen Chen, Yuchen Sun, Jiaxin Gao, Xueluan Gong, Qian Wang, Ziyao Wang, Yongsen Zheng, Kwok-Yan Lam

arXiv: 2508.21004 · 2025-08-29

## TL;DR

Lethe is a novel defense method that effectively purifies large language models from backdoor vulnerabilities by diluting malicious behaviors internally and distracting attention externally, outperforming existing defenses across multiple scenarios.

## Contribution

The paper introduces LETHE, a comprehensive backdoor defense for LLMs that combines knowledge dilution and external evidence to neutralize diverse attack types.

## Key findings

- Reduces attack success rate by up to 98%
- Outperforms 8 state-of-the-art defenses
- Maintains model utility and robustness

## Abstract

Large language models (LLMs) have seen significant advancements, achieving superior performance in various Natural Language Processing (NLP) tasks. However, they remain vulnerable to backdoor attacks, where models behave normally for standard queries but generate harmful responses or unintended output when specific triggers are activated. Existing backdoor defenses either lack comprehensiveness, focusing on narrow trigger settings, detection-only mechanisms, and limited domains, or fail to withstand advanced scenarios like model-editing-based, multi-trigger, and triggerless attacks. In this paper, we present LETHE, a novel method to eliminate backdoor behaviors from LLMs through knowledge dilution using both internal and external mechanisms. Internally, LETHE leverages a lightweight dataset to train a clean model, which is then merged with the backdoored model to neutralize malicious behaviors by diluting the backdoor impact within the model's parametric memory. Externally, LETHE incorporates benign and semantically relevant evidence into the prompt to distract LLM's attention from backdoor features. Experimental results on classification and generation domains across 5 widely used LLMs demonstrate that LETHE outperforms 8 state-of-the-art defense baselines against 8 backdoor attacks. LETHE reduces the attack success rate of advanced backdoor attacks by up to 98% while maintaining model utility. Furthermore, LETHE has proven to be cost-efficient and robust against adaptive backdoor attacks.

---
Source: https://tomesphere.com/paper/2508.21004