摘要
随着大语言模型的流行并且应用在越来越多的领域,大语言模型的安全问题也随之而来。通常训练大语言模型对数据集以及计算资源有着极为苛刻的要求,所以有使用需求的用户大部分都直接利用网络上开源的数据集以及模型,这给后门攻击提供了绝佳的温室。后门攻击是指用户在模型中输入正常数据时模型表现像没有注入后门时一样正常,但当输入带有后门触发器的数据时模型输出异常。防止后门攻击的有效方法就是进行后门识别。目前基于梯度的优化方法是比较常用的,但使用这些方法时内部影响因子的设定对识别效果具有一定影响。文章就词令牌数量、最邻近数量、噪声大小进行了实验测量和作用机制的分析,以便为后续使用这些方法的研究者提供参考。
With the popularity of large language models(LLM)and their application in more fields,the security concerns of large language models also arise.In general,training LLM has extremely demanding requirements for datasets and computing resources,so most users who need to use them directly use open-source datasets and models on the Internet,which provides an excellent greenhouse for backdoor attacks.A backdoor attack is when a user enters normal data into the model as if it were not injected with a backdoor,but the model output is abnormal when data with a backdoor trigger is input.An effective way to prevent backdoor attacks is to perform backdoor identification.At present,gradient-based optimization methods are commonly used,but the setting of internal impact factors has a great impact on the recognition effect when using these methods.In this paper,the word token length,the number of nearest neighbors,and the noise scale are measured experimentally and the mechanism of action is analyzed,so as to provide reference for researchers who use these methods in the future.
作者
陈佳华
陈宇
曹婍
Chen Jiahua;Chen Yu;Cao Qi(School of Information and Software Engineering,University of Electronic Science and Technology of China,Chengdu 610066,China;School of Computer Science,Beijing University of Posts and Telecommunications,Beijing 100876,China;CAS Key Laboratory of AI Security,Institute of Computing Technology,Chinese Academy of Sciences,Beijing 100190,China)
出处
《网络安全与数据治理》
2023年第12期14-19,共6页
CYBER SECURITY AND DATA GOVERNANCE
基金
国家重点研发计划(2022YFB3103700,2022YFB3103701)。
关键词
大语言模型
后门攻击
基于梯度的后门识别
影响因子
large language models
backdoor attack
gradient-based backdoor identification
impact factor
