← Back to papers
2025 IJCNLP IJCNLP 2025

Counterfactual Evaluation for Blind Attack Detection in LLM-based Evaluation Systems

Abstract

AbstractThis paper investigates defenses in LLM-based evaluation, where prompt injection attacks can manipulate scores by deceiving the evaluation system. We formalize blind attacks as a class in which candidate answers are crafted independently of the true answer. To counter such attacks, we propose an evaluation framework that combines standard and counterfactual evaluation. Experiments show it significantly improves attack detection with minimal performance trade-offs for recent models.

🌉 Interdisciplinary Bridge — Artificial Intelligence and Machine Learning and Security & Privacy
🧭 Keyword Pioneer — blind attack
🐝 Cross-Pollinator — Artificial Intelligence, Computer Science, Computer Vision, Data Science & Analytics, Deep Learning, Healthcare & Medicine, Interdisciplinary, Machine Learning, Mathematics & Optimization, Natural Language Processing, Reinforcement Learning, Security & Privacy

Authors

Lijia Liu , Takumi Kondo , Kyohei Atarashi , Koh Takeuchi , Jiyi Li , Shigeru Saito , Hisashi Kashima

Topics

Artificial Intelligence > Core AI > AI Safety Machine Learning > Application Areas > Privacy Security & Privacy > Privacy

Keywords

llm evaluation prompt injection attack detection counterfactual evaluation blind attack
Download PDF

Related papers

Nyay-Darpan: Enhancing Decision Making Through Summarization and Case Retrieval for Consumer Law in India 2025
Cold Starts and Hard Cases: A Two-Stage SFT-RLVR Approach for Legal Machine Translation (Just-NLP L-MT shared task) 2025
Rethinking Information Synthesis in Multimodal Question Answering A Multi-Agent Perspective 2025
MELAC: Massive Evaluation of Large Language Models with Alignment of Culture in Persian Language 2025
From Anger to Joy: How Nationality Personas Shape Emotion Attribution in Large Language Models 2025