Summary of If You Don’t Understand It, Don’t Use It: Eliminating Trojans with Filters Between Layers, by Adriano Hernandez
If You Don’t Understand It, Don’t Use It: Eliminating Trojans with Filters Between Layers
by Adriano Hernandez
First submitted to arxiv on: 8 Jul 2024
Categories
- Main: Machine Learning (cs.LG)
- Secondary: Computation and Language (cs.CL); Cryptography and Security (cs.CR)
GrooveSquid.com Paper Summaries
GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!
| Summary difficulty | Written by | Summary |
|---|---|---|
| High | Paper authors | High Difficulty Summary Read the original abstract here |
| Medium | GrooveSquid.com (original content) | Medium Difficulty Summary This paper addresses a critical issue in large language models (LLMs), where they sometimes exhibit unintended behaviors. The authors highlight the challenge of detecting and mitigating these behaviors due to the massive attack surface. Specifically, they focus on data-poisoning-injected trojans, which are difficult to identify since there is no known pattern or signature. To address this, the paper presents a general-purpose recipe (filters) and a specific implementation (LoRA filters) that can effectively unlearn unknown trojans injected during pre-training. The authors’ approach is primarily empirical, but their findings also raise fundamental questions about how LLMs store and process information. Notably, they find that their filters work best on the residual stream and latest layers of small to medium-sized models. |
| Low | GrooveSquid.com (original content) | Low Difficulty Summary This research paper looks at a problem with big language models. Sometimes these models do things we don’t want them to do, like act in unexpected ways. The challenge is finding out what’s causing this behavior because there are so many possible inputs that could trigger it. One specific type of problem is called data-poisoning-injected trojans. These are like digital spies hiding in the model’s training data. Right now, we don’t have a good way to get rid of these trojans once they’re inside the model. The authors propose a solution that uses filters to remove unwanted behavior and make sure the model is working correctly. |
Keywords
* Artificial intelligence * Lora
