中圖分類號：TP309文獻標識碼：ADOI:10.19358/j.issn.2097-1788.2023.12.003
引用格式：陳佳華，陳宇，曹婍.基于梯度優(yōu)化的大語言模型后門識別探究［J］.網(wǎng)絡(luò)安全與數(shù)據(jù)治理，2023，42（12）：14-19.

Research on gradient optimization based backdoor identification of large language model

Abstract： With the popularity of large language models (LLM) and their application in more fields, the security concerns of large language models also arise. In general, training LLM has extremely demanding requirements for datasets and computing resources, so most users who need to use them directly use opensource datasets and models on the Internet, which provides an excellent greenhouse for backdoor attacks. A backdoor attack is when a user enters normal data into the model as if it were not injected with a backdoor, but the model output is abnormal when data with a backdoor trigger is input. An effective way to prevent backdoor attacks is to perform backdoor identification. At present, gradientbased optimization methods are commonly used, but the setting of internal impact factors has a great impact on the recognition effect when using these methods. In this paper, the word token length, the number of nearest neighbors, and the noise scale are measured experimentally and the mechanism of action is analyzed, so as to provide reference for researchers who use these methods in the future.

Key words : large language models; backdoor attack; gradient based backdoor identification; impact factor