Summary of Unlearning Backdoor Attacks For Llms with Weak-to-strong Knowledge Distillation, by Shuai Zhao et al.
Unlearning Backdoor Attacks for LLMs with Weak-to-Strong Knowledge Distillation
by Shuai Zhao, Xiaobao Wu, Cong-Duy Nguyen, Meihuizi Jia, Yichao Feng, Luu Anh Tuan
First submitted to arxiv on: 18 Oct 2024
Categories
- Main: Computation and Language (cs.CL)
- Secondary: Artificial Intelligence (cs.AI); Cryptography and Security (cs.CR)
GrooveSquid.com Paper Summaries
GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!
| Summary difficulty | Written by | Summary |
|---|---|---|
| High | Paper authors | High Difficulty Summary Read the original abstract here |
| Medium | GrooveSquid.com (original content) | Medium Difficulty Summary A novel approach to defend against backdoor attacks in large language models (LLMs) is presented, which leverages parameter-efficient fine-tuning (PEFT). The proposed method, called W2SDefense, utilizes feature alignment knowledge distillation and consists of two stages: training a small-scale language model through full-parameter fine-tuning as the clean teacher model, followed by guiding the large-scale poisoned student model in unlearning backdoor features using PEFT. Theoretical analysis suggests that W2SDefense enhances the student model’s ability to unlearn backdoor features, preventing their activation. Empirical results on text classification tasks with three state-of-the-art LLMs and three different backdoor attack algorithms demonstrate the outstanding performance of W2SDefense in defending against backdoor attacks without compromising model performance. |
| Low | GrooveSquid.com (original content) | Low Difficulty Summary W2SDefense is a new way to keep large language models safe from bad attacks. These attacks try to trick the model into making wrong predictions when it sees certain words or phrases. The problem is that even after fixing some of these issues, the model can still be fooled by these attacks. W2SDefense uses an old teacher model to help a new student model learn not to make these mistakes. This works well and doesn’t hurt the model’s performance on regular tasks. |
Keywords
» Artificial intelligence » Alignment » Fine tuning » Knowledge distillation » Language model » Parameter efficient » Student model » Teacher model » Text classification
