Dependable Artificial Intelligence with Reliability and Security (DAIReS): A Unified Syndrome Decoding Approach for Hallucination and Backdoor Trigger Detection

Hema Karnam Surendrababu, Nithin Nagaraj

TL;DR

This work adapts the syndrome decoding approach to the NLP sentence-embedding space, enabling the discrimination of poisoned and non-poisoned samples within ML training datasets, and can effectively detect hallucinated content arising from self-referential meta-explanation tasks in LLMs.

Abstract

Machine Learning (ML) models, including Large Language Models (LLMs), are characterized by a range of system-level attributes such as security and reliability. Recent studies have demonstrated that ML models are vulnerable to multiple forms of security violations, among which backdoor data-poisoning attacks represent a particularly insidious threat, enabling unauthorized model behavior and systematic misclassification. In parallel, deficiencies in model reliability can manifest as hallucinations in LLMs, leading to unpredictable outputs and substantial risks for end users. In this work on Dependable Artificial Intelligence with Reliability and Security (DAIReS), we propose a novel unified approach based on Syndrome Decoding for the detection of both security and reliability violations in learning-based systems. Specifically, we adapt the syndrome decoding approach to the NLP sentence-embedding space, enabling the discrimination of poisoned and non-poisoned samples within ML training datasets. Additionally, the same methodology can effectively detect hallucinated content arising from self-referential meta-explanation tasks in LLMs.

Paper Structure (17 sections, 11 figures, 1 table)

Figures (11)

  • Figure 1: SST-2 dataset, Distribution of Syndrome Magnitudes: (a) non-poisoned training data vs non-poisoned template, (b) poisoned training data vs non-poisoned template.
  • Figure 2: Jigsaw Toxicity dataset, Distribution of Syndrome Magnitudes: (a) non-poisoned training data vs non-poisoned template, (b) poisoned training data vs non-poisoned template.
  • Figure 3: Trawling for Trolling Hate Speech dataset, Distribution of Syndrome Magnitudes: (a) non-poisoned training data vs non-poisoned template, (b) poisoned training data vs non-poisoned template.
  • Figure 4: Paraphrase Backdoor Attack, Paraphrases derived from SST-2 dataset, Distribution of Syndrome Magnitudes: (a) non-poisoned training data vs non-poisoned template, (b) poisoned training data vs non-poisoned template.
  • Figure 5: U.S. Adult Income or Census tabular dataset, Distribution of Syndrome Magnitudes: (a) non-poisoned training data vs non-poisoned template, (b) poisoned training data vs non-poisoned template.