English
Related papers

Related papers: Towards Poisoning Robustness Certification for Nat…

200 papers

Retrieval-augmented generation (RAG) has become a common practice in multimodal large language models (MLLM) to enhance factual grounding and reduce hallucination. Yet, its reliance on retrieval exposes MLLMs to knowledge poisoning attacks,…

Retrieval-Augmented Generation (RAG) has proven effective in mitigating hallucinations in large language models by incorporating external knowledge during inference. However, this integration introduces new security vulnerabilities,…

Cryptography and Security · Computer Science 2025-05-27 Baolei Zhang , Haoran Xin , Jiatong Li , Dongzhe Zhang , Minghong Fang , Zhuqing Liu , Lihai Nie , Zheli Liu

We give a formal verification procedure that decides whether a classifier ensemble is robust against arbitrary randomized attacks. Such attacks consist of a set of deterministic attacks and a distribution over this set. The…

Machine Learning · Computer Science 2020-07-10 Dennis Gross , Nils Jansen , Guillermo A. Pérez , Stephan Raaijmakers

In a \emph{data poisoning attack}, an attacker modifies, deletes, and/or inserts some training examples to corrupt the learnt machine learning model. \emph{Bootstrap Aggregating (bagging)} is a well-known ensemble learning method, which…

Cryptography and Security · Computer Science 2020-12-11 Jinyuan Jia , Xiaoyu Cao , Neil Zhenqiang Gong

Retrieval-Augmented Generation (RAG) enhances large language models (LLMs) by integrating external knowledge sources, enabling more accurate and contextually relevant responses tailored to user queries. These systems, however, remain…

Computation and Language · Computer Science 2025-05-26 Huichi Zhou , Kin-Hei Lee , Zhonghao Zhan , Yue Chen , Zhenhao Li , Zhaoyang Wang , Hamed Haddadi , Emine Yilmaz

Retrieval-Augmented Generation (RAG) systems have emerged as a promising solution to mitigate LLM hallucinations and enhance their performance in knowledge-intensive domains. However, these systems are vulnerable to adversarial poisoning…

Information Retrieval · Computer Science 2025-07-29 Jinyan Su , Jin Peng Zhou , Zhengxin Zhang , Preslav Nakov , Claire Cardie

Neural network classifiers are vulnerable to data poisoning attacks, as attackers can degrade or even manipulate their predictions thorough poisoning only a few training samples. However, the robustness of heuristic defenses is hard to…

Machine Learning · Computer Science 2020-10-14 Ruoxin Chen , Jie Li , Chentao Wu , Bin Sheng , Ping Li

Machine learning algorithms are known to be susceptible to data poisoning attacks, where an adversary manipulates the training data to degrade performance of the resulting classifier. In this work, we present a unifying view of randomized…

Machine Learning · Computer Science 2021-02-24 Elan Rosenfeld , Ezra Winston , Pradeep Ravikumar , J. Zico Kolter

This work introduces a verification framework that provides both sound and complete guarantees for data poisoning attacks during neural network training. We formulate adversarial data manipulation, model training, and test-time evaluation…

Machine Learning · Computer Science 2026-02-20 Philip Sosnin , Jodie Knapp , Fraser Kennedy , Josh Collyer , Calvin Tsay

Machine learning-based static malware detectors remain vulnerable to adversarial evasion techniques, such as metamorphic engine mutations. To address this vulnerability, we propose a certifiably robust malware detection framework based on…

Cryptography and Security · Computer Science 2026-04-23 Nandakrishna Giri , Asmitha K. A. , Serena Nicolazzo , Antonino Nocera , Vinod P

Poisoning attacks can disproportionately influence model behaviour by making small changes to the training corpus. While defences against specific poisoning attacks do exist, they in general do not provide any guarantees, leaving them…

Machine Learning · Computer Science 2024-03-19 Shijie Liu , Andrew C. Cullen , Paul Montague , Sarah M. Erfani , Benjamin I. P. Rubinstein

Current adversarial robustness methods for large language models require extensive datasets of harmful prompts (thousands to hundreds of thousands of examples), yet remain vulnerable to novel attack vectors and distributional shifts. We…

Artificial Intelligence · Computer Science 2026-05-12 Linh Le , David Williams-King , Mohamed Amine Merzouk , Aton Kamanda , Adam Oberman

Despite the impressive capabilities of large language models (LLMs) across diverse applications, they still suffer from trustworthiness issues, such as hallucinations and misalignments. Retrieval-augmented language models (RAG) have been…

Artificial Intelligence · Computer Science 2024-07-31 Mintong Kang , Nezihe Merve Gürel , Ning Yu , Dawn Song , Bo Li

Retrieval-Augmented Generation (RAG) enhances Large Language Models (LLMs) by providing external knowledge for accurate and up-to-date responses. However, this reliance on external sources exposes a security risk, attackers can inject…

Computation and Language · Computer Science 2025-07-25 San Kim , Jonghwi Kim , Yejin Jeon , Gary Geunbae Lee

In this paper, we study PAC learnability and certification of predictions under instance-targeted poisoning attacks, where the adversary who knows the test instance may change a fraction of the training set with the goal of fooling the…

Machine Learning · Computer Science 2021-08-10 Ji Gao , Amin Karbasi , Mohammad Mahmoody

Conformal prediction provides model-agnostic and distribution-free uncertainty quantification through prediction sets that are guaranteed to include the ground truth with any user-specified probability. Yet, conformal prediction is not…

Machine Learning · Computer Science 2025-03-18 Yan Scholten , Stephan Günnemann

While large language models (LLMs) have achieved remarkable success in providing trustworthy responses for knowledge-intensive tasks, they still face critical limitations such as hallucinations and outdated knowledge. To address these…

Computation and Language · Computer Science 2025-08-06 Zizhong Li , Haopeng Zhang , Jiawei Zhang

Voice authentication systems remain susceptible to two major threats: backdoor triggered attacks and targeted data poisoning attacks. This dual vulnerability is critical because conventional solutions typically address each threat type…

Cryptography and Security · Computer Science 2025-05-07 Alireza Mohammadi , Keshav Sood , Dhananjay Thiruvady , Asef Nazari

Deep-learning-based NLP models are found to be vulnerable to word substitution perturbations. Before they are widely adopted, the fundamental issues of robustness need to be addressed. Along this line, we propose a formal framework to…

Computation and Language · Computer Science 2022-01-12 Yuting Yang , Pei Huang , FeiFei Ma , Juan Cao , Meishan Zhang , Jian Zhang , Jintao Li

Recently, few certified defense methods have been developed to provably guarantee the robustness of a text classifier to adversarial synonym substitutions. However, all existing certified defense methods assume that the defenders are…

Computation and Language · Computer Science 2021-07-27 Jiehang Zeng , Xiaoqing Zheng , Jianhan Xu , Linyang Li , Liping Yuan , Xuanjing Huang