Badedit: Backdooring large language models by model editing
arXiv preprint arXiv:2403.13355, 2024•arxiv.org
Mainstream backdoor attack methods typically demand substantial tuning data for
poisoning, limiting their practicality and potentially degrading the overall performance when
applied to Large Language Models (LLMs). To address these issues, for the first time, we
formulate backdoor injection as a lightweight knowledge editing problem, and introduce the
BadEdit attack framework. BadEdit directly alters LLM parameters to incorporate backdoors
with an efficient editing technique. It boasts superiority over existing backdoor injection …
poisoning, limiting their practicality and potentially degrading the overall performance when
applied to Large Language Models (LLMs). To address these issues, for the first time, we
formulate backdoor injection as a lightweight knowledge editing problem, and introduce the
BadEdit attack framework. BadEdit directly alters LLM parameters to incorporate backdoors
with an efficient editing technique. It boasts superiority over existing backdoor injection …
Mainstream backdoor attack methods typically demand substantial tuning data for poisoning, limiting their practicality and potentially degrading the overall performance when applied to Large Language Models (LLMs). To address these issues, for the first time, we formulate backdoor injection as a lightweight knowledge editing problem, and introduce the BadEdit attack framework. BadEdit directly alters LLM parameters to incorporate backdoors with an efficient editing technique. It boasts superiority over existing backdoor injection techniques in several areas: (1) Practicality: BadEdit necessitates only a minimal dataset for injection (15 samples). (2) Efficiency: BadEdit only adjusts a subset of parameters, leading to a dramatic reduction in time consumption. (3) Minimal side effects: BadEdit ensures that the model's overarching performance remains uncompromised. (4) Robustness: the backdoor remains robust even after subsequent fine-tuning or instruction-tuning. Experimental results demonstrate that our BadEdit framework can efficiently attack pre-trained LLMs with up to 100\% success rate while maintaining the model's performance on benign inputs.
arxiv.org
Showing the best result for this search. See all results