CL · Nov 16, 2023

Test-time Backdoor Mitigation for Black-Box Large Language Models with Defensive Demonstrations

Harvard
arXiv:2311.09763v2 · 30 citations · h-index: 45
Originality: Highly original
AI Analysis

This addresses a critical gap in backdoor defense for LLMs deployed as web services, where black-box access makes training-time defenses impractical, offering a novel testing-time solution.

The study tackled the problem of defending black-box large language models against backdoor attacks during testing by using task-relevant demonstrations from clean data, which robustly mitigated both instance-level and instruction-level attacks and outperformed existing baselines.

Existing studies in backdoor defense have predominantly focused on the training phase, overlooking the critical aspect of testing time defense. This gap becomes pronounced in the context of LLMs deployed as Web Services, which typically offer only black-box access, rendering training-time defenses impractical. To bridge this gap, this study critically examines the use of demonstrations as a defense mechanism against backdoor attacks in black-box LLMs. We retrieve task-relevant demonstrations from a clean data pool and integrate them with user queries during testing. This approach does not necessitate modifications or tuning of the model, nor does it require insight into the model's internal architecture. The alignment properties inherent in in-context learning play a pivotal role in mitigating the impact of backdoor triggers, effectively recalibrating the behavior of compromised models. Our experimental analysis demonstrates that this method robustly defends against both instance-level and instruction-level backdoor attacks, outperforming existing defense baselines across most evaluation scenarios.
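The retrieve-and-prepend step described in the abstract, sketched as an added example (not the paper's code). The bag-of-words cosine retriever, the prompt template, the clean pool, and the `TRIGGER_TOKEN` placeholder are all assumptions made for illustration; the abstract does not specify them.

```python
import math
import re
from collections import Counter

# Constructed clean pool of (text, label) pairs for a sentiment task (assumption).
CLEAN_POOL = [
    ("The film was a delight from start to finish.", "positive"),
    ("A dull, lifeless script wastes a good cast.", "negative"),
    ("The acting was superb and the plot gripping.", "positive"),
    ("I regret buying this phone, the battery died in a day.", "negative"),
    ("Great battery life and a sharp screen.", "positive"),
    ("The plot was predictable and the acting wooden.", "negative"),
]

def bag_of_words(text):
    """Lowercased token counts; a stand-in for a real sentence encoder."""
    return Counter(re.findall(r"[a-z']+", text.lower()))

def cosine(a, b):
    """Cosine similarity between two token-count vectors."""
    dot = sum(a[t] * b[t] for t in a.keys() & b.keys())
    norm = math.sqrt(sum(v * v for v in a.values())) * \
           math.sqrt(sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0

def retrieve_demonstrations(query, pool=CLEAN_POOL, k=2):
    """Return the k clean examples most similar to the query."""
    q = bag_of_words(query)
    ranked = sorted(pool, key=lambda ex: cosine(q, bag_of_words(ex[0])),
                    reverse=True)
    return ranked[:k]

def build_defended_prompt(instruction, query, pool=CLEAN_POOL, k=2):
    """Prepend retrieved clean demonstrations to the untrusted user query.

    The model is never modified; only the prompt sent to the black-box
    service changes.
    """
    parts = [instruction]
    for text, label in retrieve_demonstrations(query, pool, k):
        parts.append(f"Input: {text}\nOutput: {label}")
    parts.append(f"Input: {query}\nOutput:")
    return "\n\n".join(parts)

if __name__ == "__main__":
    # Constructed query; TRIGGER_TOKEN stands in for an unknown backdoor trigger.
    q = "The plot was dull and the acting wooden TRIGGER_TOKEN"
    print(build_defended_prompt("Classify the sentiment of the review.", q))
```

The returned string is what would be sent to the black-box model in place of the raw query.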
