type:: [[Contact]] page-type:: [[people]] date:: [[21-09-2023]] - 11:51 name:: Muhammad Umar Zeshan struttura:: [[DISIM]] email:: muhammadumarzeshan@gmail.com chat:: https://join.skype.com/DGd2k6eWIkxn - ## PhD proposal and First Year Report Submission email:: [http://s.diruscio.org/YfxeA](http://s.diruscio.org/YfxeA) - ![Thesis_Proposal.pdf](../assets/Thesis_Proposal_1695289898744_0.pdf) - ![FirstYearReport.pdf](../assets/FirstYearReport_1695289905428_0.pdf) - **YAPP (Yet Another Project Proposal)** collapsed:: true - [Data Poisoning in LLMs - Google Docs](https://docs.google.com/document/d/1iEUsNeOJP0ZlZWYdpy9DDeAnHnTwEPQmmNfpneoeBcE/edit) - [[@Data Poisoning in LLMs]] [Data Poisoning in LLMs.pdf](zotero://select/library/items/AI9H8P3A) {{zotero-imported-file AI9H8P3A, "Data Poisoning in LLMs.pdf"}} - ### Notes - “particular” ([“Data Poisoning in LLMs”, p. 1](zotero://select/library/items/SZ7XFBU7)) ([pdf](zotero://open-pdf/library/items/AI9H8P3A?page=1&annotation=G3RR7AR5)) #ff6666 *You just started, it is not clear what respect to what!* - “simple to contaminate small bits of data” ([“Data Poisoning in LLMs”, p. 1](zotero://select/library/items/SZ7XFBU7)) ([pdf](zotero://open-pdf/library/items/AI9H8P3A?page=1&annotation=5YDGKTCA)) #ffd400 *In what context?* - “Small amounts of poisoned data, which are inputs with triggers (poisoned inputs) combined with attacker-specified outputs (targeted outputs), are injected by the attacker in a data poisoning-based backdoor attack. When the same trigger(s) occur in test inputs during inference, a model trained on a poisoned dataset generates attacker-specified outputs while continuing to function properly on clean inputs” ([“Data Poisoning in LLMs”, p. 1](zotero://select/library/items/SZ7XFBU7)) ([pdf](zotero://open-pdf/library/items/AI9H8P3A?page=1&annotation=7HVLV95P)) #ffd400 *Can you be more specific with the help of an explanatory example?* - “interfere with the internal learning process that a machine learning model undergoes in order to render it unreliable or incapable of generating the desired output that the system is intended to produce.” ([“Data Poisoning in LLMs”, p. 1](zotero://select/library/items/SZ7XFBU7)) ([pdf](zotero://open-pdf/library/items/AI9H8P3A?page=1&annotation=JFLAL7K2)) #ffd400 - “Research Challenges:” ([“Data Poisoning in LLMs”, p. 1](zotero://select/library/items/SZ7XFBU7)) ([pdf](zotero://open-pdf/library/items/AI9H8P3A?page=1&annotation=4ZNTXKQ8)) #ff6666 *Can you elaborate and refine these challenges by presenting concrete examples e.g., based on ChatGPT?* - “id ti identify the data which can poisoned to manipulate the outcomes” ([“Data Poisoning in LLMs”, p. 1](zotero://select/library/items/SZ7XFBU7)) ([pdf](zotero://open-pdf/library/items/AI9H8P3A?page=1&annotation=NMSNN2PH)) #ff6666 - “In case of LLMs, unlike the DL/ML models, the input of the data is not clear.” ([“Data Poisoning in LLMs”, p. 1](zotero://select/library/items/SZ7XFBU7)) ([pdf](zotero://open-pdf/library/items/AI9H8P3A?page=1&annotation=3JKNRFEW)) #ffd400 *What do you think?* - “Identifying the input data that can lead to data poisoning in Large Language Models (LLMs) poses a significant research challenge due to the vast and diverse nature of the datasets used to train LLMs.” ([“Data Poisoning in LLMs”, p. 2](zotero://select/library/items/SZ7XFBU7)) ([pdf](zotero://open-pdf/library/items/AI9H8P3A?page=2&annotation=L2RUZQ7F)) #ffd400 *If you are referring to ChatGPT or Bird, the problem is even worse: you don't have any access to the training data.* - “He et al. [] r” ([“Data Poisoning in LLMs”, p. 2](zotero://select/library/items/SZ7XFBU7)) ([pdf](zotero://open-pdf/library/items/AI9H8P3A?page=2&annotation=UZF6ZER5)) #ff6666 *All there references are missing.* - “Proposed Methodology” ([“Data Poisoning in LLMs”, p. 3](zotero://select/library/items/SZ7XFBU7)) ([pdf](zotero://open-pdf/library/items/AI9H8P3A?page=3&annotation=YRXPDBKM)) #ff6666 *Can you do a presentation by adding figures distilling the proposed solution's main components? It is necessary to refer to the examples I suggested to add earlier in the document.* - ## #Resources - [Umar's PPT.pptx (sharepoint.com)](https://univaq.sharepoint.com/:p:/s/UmarsWork2/EaGM3T_RtypAuqKcsiHuf0sBSiWN5XM50M0D8BTRZHIljQ?e=IIbo9E) - [Umar’s Work- Status Update - Google Docs](https://docs.google.com/document/d/11ETxOUrDA-ha6dfo21DCkx1AVPtjEyGq5hF4qZMt9Lg/edit) - [Updated Proposal- Umar - Online LaTeX Editor Overleaf](https://www.overleaf.com/project/65de08d8a9a8da996380bd62) - [Literature Review - Online LaTeX Editor Overleaf](https://www.overleaf.com/project/643e68c8a424e0027e19fc5d) - [Data Poisoning in LLMs - Google Docs](https://docs.google.com/document/d/1iEUsNeOJP0ZlZWYdpy9DDeAnHnTwEPQmmNfpneoeBcE/edit) - - ## Omnivore resources - https://omnivore.app/home?q=+label%3A%22People%2FUmar%22 - [two novel techniques for poisoning code-suggestion models that bypass static analysis mitigation:](https://www.microsoft.com/en-us/research/publication/trojanpuzzle-covertly-poisoning-code-suggestion-models/) - https://arxiv.org/pdf/2304.03472.pdf - - ## New version of the project proposal - [[@Prompt-Injection based Adversarial Attacks in Large Language Models]]