Secure Retrieval-Augmented Generation against Poisoning Attacks

Zirui Cheng; Jikai Sun; Anjun Gao; Yueyang Quan; Zhuqing Liu; Xiaohua Hu; Minghong Fang

doi:10.48550/arxiv.2510.25025

Back

Secure Retrieval-Augmented Generation against Poisoning Attacks

Preprint

Open access

Secure Retrieval-Augmented Generation against Poisoning Attacks

Zirui Cheng, Jikai Sun, Anjun Gao, Yueyang Quan, Zhuqing Liu, Xiaohua Hu and Minghong Fang

ArXiv.org

28 Oct 2025

DOI: https://doi.org/10.48550/arxiv.2510.25025

Files and links (1)

url

https://doi.org/10.48550/arxiv.2510.25025View

Preprint (Author's original)arXiv.org - Non-exclusive license to distribute, Open

Abstract

Computer Science - Cryptography and Security

Computer Science - Information Retrieval

Computer Science - Learning

Large language models (LLMs) have transformed natural language processing (NLP), enabling applications from content generation to decision support. Retrieval-Augmented Generation (RAG) improves LLMs by incorporating external knowledge but also introduces security risks, particularly from data poisoning, where the attacker injects poisoned texts into the knowledge database to manipulate system outputs. While various defenses have been proposed, they often struggle against advanced attacks. To address this, we introduce RAGuard, a detection framework designed to identify poisoned texts. RAGuard first expands the retrieval scope to increase the proportion of clean texts, reducing the likelihood of retrieving poisoned content. It then applies chunk-wise perplexity filtering to detect abnormal variations and text similarity filtering to flag highly similar texts. This non-parametric approach enhances RAG security, and experiments on large-scale datasets demonstrate its effectiveness in detecting and mitigating poisoning attacks, including strong adaptive attacks.

Metrics

1 Record Views

Details

Title: Secure Retrieval-Augmented Generation against Poisoning Attacks
Creators: Zirui Cheng
Jikai Sun
Anjun Gao
Yueyang Quan
Zhuqing Liu
Xiaohua Hu
Minghong Fang
Publication Details: ArXiv.org
Resource Type: Preprint
Language: English
Academic Unit: Information Science (Informatics)
Other Identifier: 991022130776004721

Secure Retrieval-Augmented Generation against Poisoning Attacks

Files and links (1)

Abstract

Metrics

Details

Drexel University Social media