Backdoor Unlearning Generalization: A Path Toward the Removal of Unknown Triggers in LLMs
Mirrored from arXiv — NLP / Computation & Language for archival readability. Support the source by reading on the original site.
Computer Science > Computation and Language
Title:Backdoor Unlearning Generalization: A Path Toward the Removal of Unknown Triggers in LLMs
Abstract:Backdoor attacks in Large Language Models (LLMs) are a growing security concern, where models can generate adversary-chosen content. Existing defenses target backdoors one at a time and typically require knowledge of the trigger, leaving the defender at a structural disadvantage when unknown backdoors may exist in a model. We show that backdoor neutralization through unlearning generalizes across backdoors: training a model to ignore a single trigger can also suppress other backdoors that were never explicitly targeted. We study this phenomenon across three model families, whose backdoors were injected via pretraining or continual pretraining, by analyzing the models obtained after removing one backdoor at a time. To understand why unlearning certain backdoors induces the suppression of others, we introduce the Cross Activation Shift Distance, to quantify the distance between model changes induced by different trainings. Our results open a new direction for LLM safety as defenders could deliberately inject controlled backdoors and then remove them, leveraging cross-backdoor transfer to also suppress unknown backdoors that an attacker may have previously introduced in the model.
| Comments: | 22 pages, 28 figures |
| Subjects: | Computation and Language (cs.CL) |
| Cite as: | arXiv:2606.03785 [cs.CL] |
| (or arXiv:2606.03785v1 [cs.CL] for this version) | |
| https://doi.org/10.48550/arXiv.2606.03785
arXiv-issued DOI via DataCite (pending registration)
|
Access Paper:
- View PDF
- HTML (experimental)
- TeX Source
References & Citations
Bookmark
Bibliographic and Citation Tools
Code, Data and Media Associated with this Article
Demos
Recommenders and Search Tools
arXivLabs: experimental projects with community collaborators
arXivLabs is a framework that allows collaborators to develop and share new arXiv features directly on our website.
Both individuals and organizations that work with arXivLabs have embraced and accepted our values of openness, community, excellence, and user data privacy. arXiv is committed to these values and only works with partners that adhere to them.
Have an idea for a project that will add value for arXiv's community? Learn more about arXivLabs.
More from arXiv — NLP / Computation & Language
-
Hallucination Is Linearly Decodable from Mid-Layer Hidden States in Quantized LLMs
Jun 3
-
Filter, Then Reweight: Rethinking Optimization Granularity in On-Policy Distillation
Jun 3
-
IdiomX A Multilingual Benchmark for Idiom Understanding, Retrieval, and Interpretation
Jun 3
-
Greener Than Humans? Environmental Attitudes in Large Language Models
Jun 3
Discussion (0)
Sign in to join the discussion. Free account, 30 seconds — email code or GitHub.
Sign in →No comments yet. Sign in and be the first to say something.