Towards Unsupervised Adversarial Document Detection in Retrieval Augmented Generation Systems
Patrick Levi
TL;DR
This paper introduces an unsupervised method for detecting adversarial and manipulated context documents in retrieval augmented generation systems, enhancing security without needing labeled attack data.
Contribution
It proposes a novel unsupervised detection approach using generator activations, embeddings, and entropy measures, capable of identifying zero-day attacks in RAG systems.
Findings
Unsupervised indicators effectively detect adversarial contexts.
Elementary statistical outlier detection shows promising results.
Target prompt information is not necessary for detection.
Abstract
Retrieval augmented generation systems have become an integral part of everyday life. Whether in internet search engines, email systems, or service chatbots, these systems are based on context retrieval and answer generation with large language models. With their spread, also the security vulnerabilities increase. Attackers become increasingly focused on these systems and various hacking approaches are developed. Manipulating the context documents is a way to persist attacks and make them affect all users. Therefore, detecting compromised, adversarial context documents early is crucial for security. While supervised approaches require a large amount of labeled adversarial contexts, we propose an unsupervised approach, being able to detect also zero day attacks. We conduct a preliminary study to show appropriate indicators for adversarial contexts. For that purpose generator activations,…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsSpam and Phishing Detection · Topic Modeling · Adversarial Robustness in Machine Learning