Defenses for RAG Against Corpus Poisoning
Analysis
This paper addresses a critical vulnerability in Retrieval-Augmented Generation (RAG) systems: corpus poisoning. It proposes two novel, computationally efficient defenses, RAGPart and RAGMask, that operate at the retrieval stage. The work's significance lies in its practical approach to improving the robustness of RAG pipelines against adversarial attacks, which is crucial for real-world applications. The paper's focus on retrieval-stage defenses is particularly valuable as it avoids modifying the generation model, making it easier to integrate and deploy.
Key Takeaways
- Proposes two retrieval-stage defenses (RAGPart and RAGMask) against corpus poisoning in RAG.
- Defenses are computationally lightweight and do not require modification of the generation model.
- Demonstrates effectiveness in reducing attack success rates across various benchmarks and poisoning strategies.
- Introduces an interpretable attack to stress-test the defenses.
“The paper states that RAGPart and RAGMask consistently reduce attack success rates while preserving utility under benign conditions.”