Background/Motivation:
Backdoor attacks are attacks on neural networks where a so-called trigger alters the decision-making behaviour of the networks, thereby creating vulnerabilities. These triggers can be injected into the training dataset or directly into the model weights. These are then called poisoned. Due to parameter-efficient fine-tuning methods, backdoor attacks on large language models (LLMs) have become significantly more difficult to detect, as a poisoned parameter update is harder to recognise than a poisoned dataset. Therefore, several methods have been developed recently to detect poisoned model updates.
Objective: Due to the variety of backdoor attacks, methods often detect far fewer attacks than they claim, as they frequently make assumptions that do not correspond to reality. The aim of this work is therefore to identify and exploit vulnerabilities in methods presented in the literature, so that the promised effects are not achieved as desired.
Results: The results of this work are intended to demonstrate to the research community that a fundamental understanding of the mechanics of backdoor attacks is absolutely necessary. For this purpose, models, datasets, or finetuning adapters should be created and tested for previously selected detection methods, which can reliably bypass these detection methods.
Be part of change
* Researching and implementing novel machine learning approaches that enhance the security of LLMs.
* Self-critical evaluation of the obtained results.
* Presenting the results.
* Preparing a project report in the form of a master's thesis.
What you contribute
* Knowledge in the field of Machine Learning, including training, inference, and optimisation of transformer architectures.
* Knowledge in the field of ML security is desirable.
* Good Python skills, especially with PyTorch, are required.
* Scientific interest and interest in current research projects.
What we offer
* Independent work schedule management
* Insights into the intersection of academic research and industrial application
Related works:
[1] (Relevante Abschnitte: 2.7, 3.5, 3.6)
[2]
[3]
[4]
http://arxiv.org/pdf/2508.01365
We value and promote the diversity of our employees' skills and therefore welcome all applications – regardless of age, gender, nationality, ethnic and social origin, religion, ideology, disability, sexual orientation and identity. Severely disabled persons are given preference in the event of equal suitability. Our tasks are diverse and adaptable – for applicants with disabilities, we work together to find solutions that best promote their abilities.
With its focus on developing key technologies that are vital for the future and enabling the commercial utilization of this work by business and industry, Fraunhofer plays a central role in the innovation process. As a pioneer and catalyst for groundbreaking developments and scientific excellence, Fraunhofer helps shape society now and in the future.
Ready for a change? Then apply now and make a difference! Once we have received your online application, you will receive an automatic confirmation of receipt. We will then get back to you as soon as possible and let you know what happens next.
Fraunhofer Institute for Secure Information Technology SIT
www.sit.fraunhofer.de
Requisition Number: 82689 Application Deadline: