-
-
Notifications
You must be signed in to change notification settings - Fork 158
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* feat: kickoff v2 0 dir and files * feat: ads v2 adversarial ml inputs
- Loading branch information
1 parent
fc73a53
commit 88ef927
Showing
1 changed file
with
41 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,41 @@ | ||
| ## Adversarial Inputs | ||
|
|
||
| **Author(s):** [Ads - GangGreenTemperTatum](https://github.com/GangGreenTemperTatum) | ||
|
|
||
| ### Description | ||
|
|
||
| Adversarial Inputs involve crafting subtle, malicious perturbations in the input data that deceive Large Language Models (LLMs) into making incorrect or harmful predictions. These perturbations are often imperceptible to humans but can exploit vulnerabilities in LLMs, leading to security breaches, misinformation, or undesired behaviors. This type of attack leverages the model's sensitivity to small changes in input, potentially causing significant and unexpected outcomes. | ||
|
|
||
| ### Common Examples of Risk | ||
|
|
||
| 1. Data Integrity Compromise: Adversarial inputs can manipulate the model to produce incorrect or misleading outputs, undermining the trust in the system's data integrity. | ||
| 2. Security Breaches: Carefully crafted adversarial inputs can exploit vulnerabilities in the model to gain unauthorized access to sensitive information or bypass security measures. | ||
| 3. Operational Disruption: Exploiting adversarial vulnerabilities can lead to denial of service attacks, causing the LLM to become unresponsive or degrade its performance significantly. | ||
| 4. Financial Losses: Manipulated outputs from adversarial attacks can result in erroneous business decisions, financial fraud, or increased operational costs due to the need for additional security measures. | ||
| 5. Reputational Damage: Repeated successful adversarial attacks that lead to incorrect or harmful outputs can damage the reputation of the organization using the LLM, resulting in loss of customer trust and business opportunities. | ||
| 6. Regulatory Non-Compliance: Incorrect handling of adversarial inputs might lead to violations of data protection regulations and compliance requirements, attracting legal penalties and scrutiny. | ||
| 7. Ethical and Social Implications: Adversarial inputs can cause LLMs to generate biased or harmful content, leading to ethical concerns and negative social impacts, especially in applications like automated content moderation or recommendation systems. | ||
|
|
||
| ### Prevention and Mitigation Strategies | ||
|
|
||
| - **Adversarial Training**: Incorporate adversarial examples into the training data to make the model more robust against such inputs. | ||
| - **Input Validation**: Implement strict validation and sanitization processes for all inputs to detect and reject potential adversarial inputs. | ||
| - **Regular Testing**: Continuously test the model against known adversarial techniques to identify and address vulnerabilities. | ||
| - **Monitoring and Logging**: Monitor inputs and model outputs for unusual patterns that may indicate an adversarial attack, and maintain detailed logs for forensic analysis. | ||
| - **Redundancy and Cross-Verification**: Use multiple models or verification steps to cross-check critical outputs, ensuring consistency and reducing the impact of adversarial inputs. | ||
|
|
||
| ### Example Attack Scenarios | ||
|
|
||
| 1. Misleading Responses: An attacker crafts a slightly modified query to an LLM-powered customer support chatbot, causing it to provide incorrect and potentially harmful advice. For example, changing a single character in a medical question might lead the model to suggest dangerous dosages of medication. | ||
| 2. Manipulating Sentiment Analysis: An attacker subtly alters product reviews or social media posts to manipulate the sentiment analysis performed by an LLM. These adversarial inputs could cause a system to misclassify negative reviews as positive, skewing the analysis and impacting business decisions. | ||
| 3. Unauthorized Access: An attacker crafts inputs that cause an LLM to bypass security protocols. For instance, by subtly manipulating the input text, the attacker might trick the model into revealing sensitive information or performing unauthorized actions. | ||
|
|
||
| ### Reference Links | ||
|
|
||
| - [Adversarial Attacks and Defenses in Machine Learning](https://arxiv.org/abs/1810.00069) | ||
| - [Robustness of Machine Learning Models to Adversarial Attacks](https://arxiv.org/abs/1905.11975) | ||
| - [Adversarial Machine Learning at Scale](https://openai.com/research/adversarial-examples-are-not-bugs-they-are-features) | ||
| - [Fishing for Magikarp: Automatically Detecting Under-trained Tokens in Large Language Models: Arxiv White Paper](https://arxiv.org/abs/2405.05417) | ||
| - [Scalable Extraction of Training Data from (Production) Language Models](https://arxiv.org/abs/2311.17035) | ||
| - [CWE-20: Improper Input Validation](https://cwe.mitre.org/data/definitions/20.html) | ||
| - [CWE-209: Generation of Error Message Containing Sensitive Information](https://cwe.mitre.org/data/definitions/209.html) |