Adversarial Databases Improve Success in Retrieval-based Large Language Models

Sean Wu,Michael Koo,Li Yo Kao,Andy Black,Lesley Blum,Fabien Scalzo,Ira Kurtz
2024-07-20
Abstract:Open-source LLMs have shown great potential as fine-tuned chatbots, and demonstrate robust abilities in reasoning and surpass many existing benchmarks. Retrieval-Augmented Generation (RAG) is a technique for improving the performance of LLMs on tasks that the models weren't explicitly trained on, by leveraging external knowledge databases. Numerous studies have demonstrated the effectiveness of RAG to more successfully accomplish downstream tasks when using vector datasets that consist of relevant background information. It has been implicitly assumed by those in the field that if adversarial background information is utilized in this context, that the success of using a RAG-based approach would be nonexistent or even negatively impact the results. To address this assumption, we tested several open-source LLMs on the ability of RAG to improve their success in answering multiple-choice questions (MCQ) in the medical subspecialty field of Nephrology. Unlike previous studies, we examined the effect of RAG in utilizing both relevant and adversarial background databases. We set up several open-source LLMs, including Llama 3, Phi-3, Mixtral 8x7b, Zephyr$\beta$, and Gemma 7B Instruct, in a zero-shot RAG pipeline. As adversarial sources of information, text from the Bible and a Random Words generated database were used for comparison. Our data show that most of the open-source LLMs improve their multiple-choice test-taking success as expected when incorporating relevant information vector databases. Surprisingly however, adversarial Bible text significantly improved the success of many LLMs and even random word text improved test taking ability of some of the models. In summary, our results demonstrate for the first time the countertintuitive ability of adversarial information datasets to improve the RAG-based LLM success.
Computation and Language
What problem does this paper attempt to address?
The paper primarily explores how adversarial databases unexpectedly improve the performance of large language models (LLMs) in multiple-choice tests within specific domains when using Retrieval-Augmented Generation (RAG) technology. ### Problems the Paper Attempts to Solve 1. **Impact of Adversarial Background Information**: The paper aims to test a hypothesis on whether using a database containing adversarial background information negatively affects the performance of RAG-based large language models. Adversarial information refers to data that is irrelevant or even potentially misleading to the task. 2. **Effectiveness of the RAG Mechanism**: Researchers evaluated the impact of the RAG mechanism on model performance when introducing both relevant and adversarial background information, particularly in the medical subfield of nephrology's multiple-choice test capabilities. ### Main Findings - The researchers tested several open-source large language models, including Llama 3, Phi-3, Mixtral 8x7b, Zephyr β, and Gemma 7B Instruct, and compared their performance using relevant (e.g., nephSAP and UpToDate databases) and adversarial (e.g., Bible text and random word databases) background information. - Experimental results showed that most models improved their multiple-choice test success rates when relevant background information was added, which was the expected outcome. - Surprisingly, adversarial databases (especially Bible text) significantly improved the test success rates of certain models, and even random word databases enhanced the performance of some models. - These results suggest that adversarial information databases can improve the success rates of large language models under the RAG mechanism in non-intuitive ways, possibly due to the models' pre-trained prior knowledge rather than the RAG mechanism itself. ### Conclusion and Future Directions - The paper demonstrates that adversarial information databases can unexpectedly enhance the performance of specific large language models on specific tasks. - This finding provides new insights into the RAG mechanism, suggesting that well-curated relevant databases may not always be necessary to achieve good results. - Future research could further explore the potential applications of adversarial information databases in other fields and delve deeper into understanding the specific mechanisms behind this phenomenon.