Si, Wai Man;
Backes, Michael;
Blackburn, Jeremy;
Cristofaro, Emiliano De;
Stringhini, Gianluca;
Zannettou, Savvas;
Zhang, Yand;
(2022)
Why So Toxic? Measuring and Triggering Toxic Behavior in
Open-Domain Chatbots.
In:
CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security.
(pp. pp. 2659-2673).
ACM
Preview |
Text
2209.03463v1.pdf - Accepted Version Download (913kB) | Preview |
Abstract
Chatbots are used in many applications, e.g., automated agents, smart home assistants, interactive characters in online games, etc. Therefore, it is crucial to ensure they do not behave in undesired manners, providing offensive or toxic responses to users. This is not a trivial task as state-of-the-art chatbot models are trained on large, public datasets openly collected from the Internet. This paper presents a first-of-its-kind, large-scale measurement of toxicity in chatbots. We show that publicly available chatbots are prone to providing toxic responses when fed toxic queries. Even more worryingly, some non-toxic queries can trigger toxic responses too. We then set out to design and experiment with an attack, ToxicBuddy, which relies on fine-tuning GPT-2 to generate non-toxic queries that make chatbots respond in a toxic manner. Our extensive experimental evaluation demonstrates that our attack is effective against public chatbot models and outperforms manually-crafted malicious queries proposed by previous work. We also evaluate three defense mechanisms against ToxicBuddy, showing that they either reduce the attack performance at the cost of affecting the chatbot's utility or are only effective at mitigating a portion of the attack. This highlights the need for more research from the computer security and online safety communities to ensure that chatbot models do not hurt their users. Overall, we are confident that ToxicBuddy can be used as an auditing tool and that our work will pave the way toward designing more effective defenses for chatbot safety.
| Type: | Proceedings paper |
|---|---|
| Title: | Why So Toxic? Measuring and Triggering Toxic Behavior in Open-Domain Chatbots |
| Event: | CCS '22: 2022 ACM SIGSAC Conference on Computer and Communications Security, November 7 - 11, 2022, Los Angeles, USA |
| Open access status: | An open access version is available from UCL Discovery |
| DOI: | 10.1145/3548606.3560599 |
| Publisher version: | https://doi.org/10.1145/3548606.3560599 |
| Language: | English |
| Additional information: | This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions. |
| UCL classification: | UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science UCL > Provost and Vice Provost Offices > UCL BEAMS UCL |
| URI: | https://discovery.ucl.ac.uk/id/eprint/10155761 |
Archive Staff Only
 |
View Item |
