Adaptive Defense against Harmful Fine-Tuning for Large Language Models via Bayesian Data Scheduler

TL;DR

This paper introduces Bayesian Data Scheduler, an adaptive defense method for large language models that mitigates harmful fine-tuning without attack simulation by learning safety attributes through Bayesian inference, achieving state-of-the-art results.

Contribution

Proposes a novel Bayesian inference-based data scheduling method for adaptive defense against harmful fine-tuning in large language models, eliminating the need for attack simulation.

Findings

Outperforms existing defenses across diverse attack scenarios

Effectively adapts to specific fine-tuning datasets

Achieves state-of-the-art robustness in experiments

Abstract

Harmful fine-tuning poses critical safety risks to fine-tuning-as-a-service for large language models. Existing defense strategies preemptively build robustness via attack simulation but suffer from fundamental limitations: (i) the infeasibility of extending attack simulations beyond bounded threat models due to the inherent difficulty of anticipating unknown attacks, and (ii) limited adaptability to varying attack settings, as simulation fails to capture their variability and complexity. To address these challenges, we propose Bayesian Data Scheduler (BDS), an adaptive tuning-stage defense strategy with no need for attack simulation. BDS formulates harmful fine-tuning defense as a Bayesian inference problem, learning the posterior distribution of each data point's safety attribute, conditioned on the fine-tuning and alignment datasets. The fine-tuning process is then constrained by weighting data with their safety attributes sampled from the posterior, thus mitigating the influence of harmful data. By leveraging the post hoc nature of Bayesian inference, the posterior is conditioned on the fine-tuning dataset, enabling BDS to tailor its defense to the specific dataset, thereby achieving adaptive defense. Furthermore, we introduce a neural scheduler based on amortized Bayesian learning, enabling efficient transfer to new data without retraining. Comprehensive results across diverse attack and defense settings demonstrate the state-of-the-art performance of our approach. Code is available at https://github.com/Egg-Hu/Bayesian-Data-Scheduler.