{"id":"https://openalex.org/W4416251178","doi":"https://doi.org/10.1109/ijcnn64981.2025.11228722","title":"Attacking RAG Systems in Multiple Domains with Locally Running and Automatic Procedures","display_name":"Attacking RAG Systems in Multiple Domains with Locally Running and Automatic Procedures","publication_year":2025,"publication_date":"2025-06-30","ids":{"openalex":"https://openalex.org/W4416251178","doi":"https://doi.org/10.1109/ijcnn64981.2025.11228722"},"language":null,"primary_location":{"id":"doi:10.1109/ijcnn64981.2025.11228722","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ijcnn64981.2025.11228722","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 International Joint Conference on Neural Networks (IJCNN)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5108719287","display_name":"C. Maio","orcid":null},"institutions":[{"id":"https://openalex.org/I108290504","display_name":"University of Pisa","ror":"https://ror.org/03ad39j10","country_code":"IT","type":"education","lineage":["https://openalex.org/I108290504"]}],"countries":["IT"],"is_corresponding":true,"raw_author_name":"Christian Di Maio","raw_affiliation_strings":["University of Pisa,Department of Computer Science,Pisa,Italy"],"affiliations":[{"raw_affiliation_string":"University of Pisa,Department of Computer Science,Pisa,Italy","institution_ids":["https://openalex.org/I108290504"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5006137186","display_name":"Stefano Melacci","orcid":"https://orcid.org/0000-0002-0415-0888"},"institutions":[{"id":"https://openalex.org/I102064193","display_name":"University of Siena","ror":"https://ror.org/01tevnk56","country_code":"IT","type":"education","lineage":["https://openalex.org/I102064193"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Stefano Melacci","raw_affiliation_strings":["University of Siena,Department of Information Engineering,Siena,Italy"],"affiliations":[{"raw_affiliation_string":"University of Siena,Department of Information Engineering,Siena,Italy","institution_ids":["https://openalex.org/I102064193"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5108719287"],"corresponding_institution_ids":["https://openalex.org/I108290504"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.18261869,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"8"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.2847000062465668,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.2847000062465668,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10028","display_name":"Topic Modeling","score":0.10559999942779541,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.042500000447034836,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/field","display_name":"Field (mathematics)","score":0.6017000079154968},{"id":"https://openalex.org/keywords/function","display_name":"Function (biology)","score":0.5297999978065491},{"id":"https://openalex.org/keywords/simple","display_name":"Simple (philosophy)","score":0.5196999907493591},{"id":"https://openalex.org/keywords/sensitivity","display_name":"Sensitivity (control systems)","score":0.4388999938964844},{"id":"https://openalex.org/keywords/component","display_name":"Component (thermodynamics)","score":0.3449999988079071}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7504000067710876},{"id":"https://openalex.org/C9652623","wikidata":"https://www.wikidata.org/wiki/Q190109","display_name":"Field (mathematics)","level":2,"score":0.6017000079154968},{"id":"https://openalex.org/C14036430","wikidata":"https://www.wikidata.org/wiki/Q3736076","display_name":"Function (biology)","level":2,"score":0.5297999978065491},{"id":"https://openalex.org/C2780586882","wikidata":"https://www.wikidata.org/wiki/Q7520643","display_name":"Simple (philosophy)","level":2,"score":0.5196999907493591},{"id":"https://openalex.org/C21200559","wikidata":"https://www.wikidata.org/wiki/Q7451068","display_name":"Sensitivity (control systems)","level":2,"score":0.4388999938964844},{"id":"https://openalex.org/C168167062","wikidata":"https://www.wikidata.org/wiki/Q1117970","display_name":"Component (thermodynamics)","level":2,"score":0.3449999988079071},{"id":"https://openalex.org/C29825287","wikidata":"https://www.wikidata.org/wiki/Q1427940","display_name":"Warning system","level":2,"score":0.31130000948905945},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.29510000348091125},{"id":"https://openalex.org/C182306322","wikidata":"https://www.wikidata.org/wiki/Q1779371","display_name":"Order (exchange)","level":2,"score":0.29190000891685486},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.2802000045776367},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.2712000012397766},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.25589999556541443}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/ijcnn64981.2025.11228722","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ijcnn64981.2025.11228722","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 International Joint Conference on Neural Networks (IJCNN)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320324499","display_name":"Universit\u00e0 di Pisa","ror":"https://ror.org/03ad39j10"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":26,"referenced_works":["https://openalex.org/W2535690855","https://openalex.org/W3011159643","https://openalex.org/W3043638540","https://openalex.org/W3138815606","https://openalex.org/W4226418765","https://openalex.org/W4288057780","https://openalex.org/W4301880089","https://openalex.org/W4319878704","https://openalex.org/W4322736917","https://openalex.org/W4323022560","https://openalex.org/W4323655724","https://openalex.org/W4381930847","https://openalex.org/W4385569780","https://openalex.org/W4387321091","https://openalex.org/W4388778348","https://openalex.org/W4389523725","https://openalex.org/W4393170828","https://openalex.org/W4397034170","https://openalex.org/W4399427448","https://openalex.org/W4400531953","https://openalex.org/W4401042993","https://openalex.org/W4401976909","https://openalex.org/W4403865011","https://openalex.org/W4407938156","https://openalex.org/W4408353799","https://openalex.org/W4412158322"],"related_works":[],"abstract_inverted_index":{"Nowadays,":[0],"services":[1],"exploiting":[2],"Large":[3],"Language":[4],"Models":[5],"(LLMs)":[6],"frequently":[7],"customize":[8],"the":[9,52,77,101,142,153,157,187,192,198,201,205,227,239,248],"model":[10],"responses":[11],"in":[12,44,72,88,95,130,191],"function":[13],"of":[14,79,98,109,126,156,159,200,230,250],"their":[15],"specific":[16,252],"requirements,":[17],"thanks":[18],"to":[19,36,50,69,90,151,172,182,204,223,254],"Retrieval-Augmented":[20],"Generation":[21],"(RAG).":[22],"While":[23],"this":[24,96,241],"is":[25,104,145,179,186,235],"a":[26,118,122,127,160,164,168],"simple":[27],"and":[28,121],"effective":[29],"solution,":[30],"it":[31],"has":[32],"been":[33],"recently":[34],"shown":[35],"suffer":[37],"from":[38],"serious":[39],"LLM-related":[40],"security":[41],"issues":[42],"that,":[43,181],"some":[45],"circumstances,":[46],"can":[47,114,219],"be":[48,115,220],"exploited":[49,222],"access":[51],"RAG":[53,70,161,257],"internal":[54],"knowledge":[55],"base,":[56],"possibly":[57],"containing":[58],"private/sensitive":[59],"data.":[60],"This":[61],"paper":[62,242],"(i)":[63],"compares":[64],"different":[65],"existing":[66],"recent":[67,110,169],"attacks":[68,85],"systems":[71],"three":[73],"real-world":[74],"scenarios,":[75],"with":[76,138],"goal":[78],"in-depth":[80],"evaluating":[81],"them.":[82],"Moreover,":[83,226],"novel":[84],"are":[86,211],"proposed,":[87],"order":[89],"study":[91],"distinct":[92],"open":[93],"directions":[94],"field":[97],"study:":[99],"(ii)":[100],"first":[102],"one":[103,144,190],"based":[105],"on":[106,117,247],"free-online-API":[107],"variants":[108],"black-box":[111,124],"attacks,":[112],"which":[113,209],"run":[116],"domestic":[119],"machine,":[120],"fully":[123],"reformulation":[125],"gray-box":[128],"method,":[129],"both":[131,238],"cases":[132],"simulating":[133],"more":[134],"realistic":[135],"conditions":[136],"built":[137],"open-source":[139,217],"tools;":[140],"(iii)":[141],"second":[143],"aimed":[146],"at":[147],"building":[148],"automatic":[149,233],"procedures":[150],"get":[152],"most":[154,188],"out":[155],"knowledge-base":[158],"system,":[162],"introducing":[163],"strategy":[165],"that":[166,216],"allows":[167],"memory-based":[170],"approach":[171],"become":[173],"automatic.":[174],"A":[175],"large":[176],"experimental":[177],"comparison":[178],"included":[180],"our":[183],"best":[184],"knowledge,":[185],"extended":[189],"current":[193],"scientific":[194],"literature.":[195],"Results":[196],"highlight":[197],"sensitivity":[199],"attack":[202],"procedure":[203,234],"basic":[206],"tools":[207],"over":[208],"they":[210],"built,":[212],"but":[213],"also":[214],"shows":[215],"solutions":[218],"easily":[221],"setup":[224,255],"attacks.":[225],"actually":[228],"feasibility":[229],"designing":[231],"an":[232,244],"proved.":[236],"In":[237],"cases,":[240],"raises":[243],"important":[245],"warning":[246],"need":[249],"taking":[251],"precautions":[253],"robust":[256],"systems.":[258]},"counts_by_year":[],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2025-11-14T00:00:00"}