{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,8]],"date-time":"2026-03-08T01:39:40Z","timestamp":1772933980071,"version":"3.50.1"},"reference-count":29,"publisher":"IEEE","license":[{"start":{"date-parts":[[2025,12,8]],"date-time":"2025-12-08T00:00:00Z","timestamp":1765152000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,12,8]],"date-time":"2025-12-08T00:00:00Z","timestamp":1765152000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,12,8]]},"DOI":"10.1109\/bigdata66926.2025.11402647","type":"proceedings-article","created":{"date-parts":[[2026,3,6]],"date-time":"2026-03-06T20:57:57Z","timestamp":1772830677000},"page":"1799-1806","source":"Crossref","is-referenced-by-count":0,"title":["Secure Retrieval-Augmented Generation Against Poisoning Attacks"],"prefix":"10.1109","author":[{"given":"Zirui","family":"Cheng","sequence":"first","affiliation":[{"name":"National University of Singapore"}]},{"given":"Jikai","family":"Sun","sequence":"additional","affiliation":[{"name":"National University of Singapore"}]},{"given":"Anjun","family":"Gao","sequence":"additional","affiliation":[{"name":"University of Louisville"}]},{"given":"Yueyang","family":"Quan","sequence":"additional","affiliation":[{"name":"University of North Texas"}]},{"given":"Zhuqing","family":"Liu","sequence":"additional","affiliation":[{"name":"University of North Texas"}]},{"given":"Xiaohua","family":"Hu","sequence":"additional","affiliation":[{"name":"Drexel University"}]},{"given":"Minghong","family":"Fang","sequence":"additional","affiliation":[{"name":"University of Louisville"}]}],"member":"263","reference":[{"key":"ref1","article-title":"Language models are few-shot learners","volume-title":"NeurIPS","author":"Brown","year":"2020"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2020.emnlp-main.550"},{"key":"ref3","article-title":"Poisonedrag: Knowledge corruption attacks to retrieval-augmented generation of large language models","volume-title":"USENIX Security Symposium","author":"Zou","year":"2025"},{"key":"ref4","article-title":"Baseline defenses for adversarial attacks against aligned language models","author":"Jain","year":"2023","journal-title":"arXiv preprint"},{"key":"ref5","article-title":"Certifiably robust rag against retrieval corruption","author":"Xiang","year":"2024","journal-title":"arXiv preprint"},{"key":"ref6","article-title":"Trustrag: Enhancing robustness and trustworthiness in rag","author":"Zhou","year":"2025","journal-title":"arXiv preprint"},{"key":"ref7","article-title":"Practical poisoning attacks against retrieval-augmented generation","author":"Zhang","year":"2025","journal-title":"arXiv preprint"},{"key":"ref8","article-title":"Benchmarking poisoning attacks against retrieval-augmented generation","author":"Zhang","year":"2025","journal-title":"arXiv preprint"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1007\/s10994-010-5188-5"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.11"},{"key":"ref11","article-title":"When does machine learning fail? generalized transferability for evasion and poisoning attacks","volume-title":"USENIX Security Symposium","author":"Suciu","year":"2018"},{"key":"ref12","article-title":"Interpolated estimation of markov source parameters from sparse data","volume-title":"Workshop on Pattern Recognition in Practice","author":"Jelinek","year":"1980"},{"key":"ref13","article-title":"Detecting language model attacks with perplexity","author":"Alon","year":"2023","journal-title":"arXiv preprint"},{"key":"ref14","article-title":"Formalizing and benchmarking prompt injection attacks and defenses","volume-title":"USENIX Security Symposium","author":"Liu","year":"2024"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/3696410.3714756"},{"key":"ref16","article-title":"Who taught the lie? responsibility attribution for poisoned knowledge in retrieval-augmented generation","volume-title":"IEEE Symposium on Security and Privacy","author":"Zhang","year":"2026"},{"key":"ref17","article-title":"Leveraging passage retrieval with generative models for open domain question answering","volume-title":"ACL","author":"Izacard","year":"2020"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/3397271.3401075"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/p18-2006"},{"key":"ref20","article-title":"Secure retrieval-augmented generation against poisoning attacks","author":"Cheng","year":"2025","journal-title":"arXiv preprint"},{"key":"ref21","article-title":"Retrieval-augmented generation for knowledgeintensive nlp tasks","volume-title":"NeurIPS","author":"Lewis","year":"2020"},{"key":"ref22","article-title":"Retrieval augmented language model pre-training","volume-title":"ICML","author":"Guu","year":"2020"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1162\/tacl_a_00276"},{"key":"ref24","article-title":"Ms marco: A human generated machine reading comprehension dataset","volume-title":"NeurIPS","author":"Bajaj","year":"2016"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/D18-1259"},{"key":"ref26","article-title":"Phantom: General trigger attacks on retrieval augmented language generation","author":"Chaudhari","year":"2024","journal-title":"arXiv preprint"},{"key":"ref27","article-title":"Machine against the rag: Jamming retrieval-augmented generation with blocker documents","author":"Shafran","year":"2024","journal-title":"arXiv preprint"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1145\/1012453.1012456"},{"key":"ref29","article-title":"Unsupervised dense information retrieval with contrastive learning","author":"Izacard","year":"2021","journal-title":"arXiv preprint"}],"event":{"name":"2025 IEEE International Conference on Big Data (BigData)","location":"Macau, China","start":{"date-parts":[[2025,12,8]]},"end":{"date-parts":[[2025,12,11]]}},"container-title":["2025 IEEE International Conference on Big Data (BigData)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/11400704\/11400712\/11402647.pdf?arnumber=11402647","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,3,7]],"date-time":"2026-03-07T06:56:46Z","timestamp":1772866606000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11402647\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,12,8]]},"references-count":29,"URL":"https:\/\/doi.org\/10.1109\/bigdata66926.2025.11402647","relation":{},"subject":[],"published":{"date-parts":[[2025,12,8]]}}}