LG | AI | CL | CR | Sep 19, 2023

Model Leeching: An Extraction Attack Targeting LLMs

arXiv:2309.10544v1 | 31 citations | h-index: 27
Originality: Highly original
AI Analysis

This paper addresses security vulnerabilities in LLMs, a concern for AI practitioners and developers, and presents a novel extraction method rather than an incremental improvement.

The paper tackles the problem of extracting task-specific knowledge from large language models (LLMs) via a novel attack called Model Leeching. Against ChatGPT-3.5-Turbo, the attack achieves 73% Exact Match similarity and SQuAD EM and F1 scores of 75% and 87% respectively, at a cost of $50. The paper also shows that adversarial attacks staged on the extracted model transfer to the target LLM, increasing attack success rate by 11%.

Model Leeching is a novel extraction attack targeting Large Language Models (LLMs), capable of distilling task-specific knowledge from a target LLM into a reduced parameter model. We demonstrate the effectiveness of our attack by extracting task capability from ChatGPT-3.5-Turbo, achieving 73% Exact Match (EM) similarity, and SQuAD EM and F1 accuracy scores of 75% and 87%, respectively for only $50 in API cost. We further demonstrate the feasibility of adversarial attack transferability from an extracted model extracted via Model Leeching to perform ML attack staging against a target LLM, resulting in an 11% increase to attack success rate when applied to ChatGPT-3.5-Turbo.
