Table of Contents
Fetching ...

EcoSafeRAG: Efficient Security through Context Analysis in Retrieval-Augmented Generation

Ruobing Yao, Yifei Zhang, Shuang Song, Neng Gao, Chenyang Tu

TL;DR

EcoSafeRAG tackles security vulnerabilities in retrieval-augmented generation by performing context-aware filtering that does not depend on LLM internal knowledge. It combines sentence-level segmentation, adaptive core-sentence screening, and bait-guided contextual diversity checks to detect malicious content before generation. The approach delivers state-of-the-art security against corpus poisoning, prompt injection, and adversarial attacks while preserving or improving performance on clean data, with only modest latency and substantial token savings ($48\%-80\%$) compared to Vanilla RAG. These results support practical deployment of secure, efficient RAG systems in production environments.

Abstract

Retrieval-Augmented Generation (RAG) compensates for the static knowledge limitations of Large Language Models (LLMs) by integrating external knowledge, producing responses with enhanced factual correctness and query-specific contextualization. However, it also introduces new attack surfaces such as corpus poisoning at the same time. Most of the existing defense methods rely on the internal knowledge of the model, which conflicts with the design concept of RAG. To bridge the gap, EcoSafeRAG uses sentence-level processing and bait-guided context diversity detection to identify malicious content by analyzing the context diversity of candidate documents without relying on LLM internal knowledge. Experiments show EcoSafeRAG delivers state-of-the-art security with plug-and-play deployment, simultaneously improving clean-scenario RAG performance while maintaining practical operational costs (relatively 1.2$\times$ latency, 48\%-80\% token reduction versus Vanilla RAG).

EcoSafeRAG: Efficient Security through Context Analysis in Retrieval-Augmented Generation

TL;DR

EcoSafeRAG tackles security vulnerabilities in retrieval-augmented generation by performing context-aware filtering that does not depend on LLM internal knowledge. It combines sentence-level segmentation, adaptive core-sentence screening, and bait-guided contextual diversity checks to detect malicious content before generation. The approach delivers state-of-the-art security against corpus poisoning, prompt injection, and adversarial attacks while preserving or improving performance on clean data, with only modest latency and substantial token savings () compared to Vanilla RAG. These results support practical deployment of secure, efficient RAG systems in production environments.

Abstract

Retrieval-Augmented Generation (RAG) compensates for the static knowledge limitations of Large Language Models (LLMs) by integrating external knowledge, producing responses with enhanced factual correctness and query-specific contextualization. However, it also introduces new attack surfaces such as corpus poisoning at the same time. Most of the existing defense methods rely on the internal knowledge of the model, which conflicts with the design concept of RAG. To bridge the gap, EcoSafeRAG uses sentence-level processing and bait-guided context diversity detection to identify malicious content by analyzing the context diversity of candidate documents without relying on LLM internal knowledge. Experiments show EcoSafeRAG delivers state-of-the-art security with plug-and-play deployment, simultaneously improving clean-scenario RAG performance while maintaining practical operational costs (relatively 1.2 latency, 48\%-80\% token reduction versus Vanilla RAG).
Paper Structure (37 sections, 8 equations, 8 figures, 5 tables, 4 algorithms)

This paper contains 37 sections, 8 equations, 8 figures, 5 tables, 4 algorithms.

Figures (8)

  • Figure 1: Comparison of the Vanilla RAG (red path) and EcoSafeRAG (green path). Vanilla RAG directly retrieves the entire document, which can easily introduce unverified toxic content. The proposed EcoSafeRAG adopts a sentence-level processing approach. Building upon this, a bait-guided contextual diversity detection mechanism is introduced, which effectively identifies and filters potential malicious content by analyzing the semantic diversity of the context of candidate content, enhancing the security and accuracy of the generated content.
  • Figure 2: The impact of the top k settings of Llama2 on query time and accuracy in HotpotQA.
  • Figure 3: The impact of cumulatively adding defense modules on the ACC and ASR distributions of the EcoSafeRAG under different attack scenarios using Vicuna. Stage1 indicates the use of sentence-level segmentation only, Stage2 indicates the addition of diversity checks on the basis of Stage1, and Stage3 indicates the addition of bait-guided diversity checks on the basis of Stage2 (EcoSafeRAG).
  • Figure 4: Impact of token nums on EcoSafeRAG performance across different models and datasets.
  • Figure 5: Impact of DBSCAN epsilon value on EcoSafeRAG performance across different models and datasets.
  • ...and 3 more figures