{"id":"https://openalex.org/W7154215670","doi":"https://doi.org/10.48550/arxiv.2604.10717","title":"Detecting RAG Extraction Attack via Dual-Path Runtime Integrity Game","display_name":"Detecting RAG Extraction Attack via Dual-Path Runtime Integrity Game","publication_year":2026,"publication_date":"2026-04-12","ids":{"openalex":"https://openalex.org/W7154215670","doi":"https://doi.org/10.48550/arxiv.2604.10717"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2604.10717","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.10717","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2604.10717","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5086277438","display_name":"Yuanbo Xie","orcid":"https://orcid.org/0009-0008-1325-4313"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Xie, Yuanbo","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5133606774","display_name":"Yingjie Zhang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhang, Yingjie","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5133613161","display_name":"Yulin Li","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Li, Yulin","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5133578872","display_name":"Shouyou Song","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Song, Shouyou","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5133573503","display_name":"Xiaokun Chen","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Chen, Xiaokun","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5133576615","display_name":"Zhihan Liu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Liu, Zhihan","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5031351418","display_name":"Liya Su","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Su, Liya","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5133590752","display_name":"Tingwen Liu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Liu, Tingwen","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5086277438"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.6437000036239624,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.6437000036239624,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.1899999976158142,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.03959999978542328,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/oracle","display_name":"Oracle","score":0.590399980545044},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.5852000117301941},{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.42399999499320984},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.420199990272522},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.33009999990463257},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.32670000195503235},{"id":"https://openalex.org/keywords/information-leakage","display_name":"Information leakage","score":0.3124000132083893},{"id":"https://openalex.org/keywords/runtime-verification","display_name":"Runtime verification","score":0.3009999990463257}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8137999773025513},{"id":"https://openalex.org/C55166926","wikidata":"https://www.wikidata.org/wiki/Q2892946","display_name":"Oracle","level":2,"score":0.590399980545044},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.5852000117301941},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.42399999499320984},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.420199990272522},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.3785000145435333},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.33009999990463257},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.32670000195503235},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.3231000006198883},{"id":"https://openalex.org/C2779201187","wikidata":"https://www.wikidata.org/wiki/Q2775060","display_name":"Information leakage","level":2,"score":0.3124000132083893},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.31119999289512634},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.30160000920295715},{"id":"https://openalex.org/C202973057","wikidata":"https://www.wikidata.org/wiki/Q7380130","display_name":"Runtime verification","level":3,"score":0.3009999990463257},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.29409998655319214},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.2921999990940094},{"id":"https://openalex.org/C165064840","wikidata":"https://www.wikidata.org/wiki/Q1321061","display_name":"Matching (statistics)","level":2,"score":0.2906999886035919},{"id":"https://openalex.org/C2777042071","wikidata":"https://www.wikidata.org/wiki/Q6509304","display_name":"Leakage (economics)","level":2,"score":0.2831000089645386},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.27889999747276306},{"id":"https://openalex.org/C105446022","wikidata":"https://www.wikidata.org/wiki/Q445962","display_name":"Legacy system","level":3,"score":0.2732999920845032},{"id":"https://openalex.org/C2779639559","wikidata":"https://www.wikidata.org/wiki/Q7661178","display_name":"Symbolic execution","level":3,"score":0.2705000042915344},{"id":"https://openalex.org/C175309249","wikidata":"https://www.wikidata.org/wiki/Q725864","display_name":"Pipeline transport","level":2,"score":0.2648000121116638},{"id":"https://openalex.org/C71901391","wikidata":"https://www.wikidata.org/wiki/Q7126699","display_name":"Upload","level":2,"score":0.26339998841285706},{"id":"https://openalex.org/C2780801425","wikidata":"https://www.wikidata.org/wiki/Q5164392","display_name":"Construct (python library)","level":2,"score":0.26100000739097595},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.25920000672340393}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2604.10717","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.10717","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2604.10717","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.10717","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.7058436870574951}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Retrieval-Augmented":[0],"Generation":[1],"(RAG)":[2],"systems":[3],"augment":[4],"large":[5],"language":[6],"models":[7],"with":[8],"external":[9],"knowledge,":[10],"yet":[11],"introduce":[12],"a":[13,65,91,152,171],"critical":[14],"security":[15],"vulnerability:":[16],"RAG":[17,49,87,162],"Knowledge":[18],"Base":[19],"Leakage,":[20],"wherein":[21],"adversarial":[22],"prompts":[23],"can":[24,39,156],"induce":[25],"the":[26,104],"model":[27],"to":[28],"divulge":[29],"retrieved":[30,83],"proprietary":[31,177],"content.":[32],"Recent":[33],"studies":[34],"reveal":[35],"that":[36,126],"such":[37],"leakage":[38],"be":[40,157],"executed":[41],"through":[42],"adaptive":[43,116],"and":[44,85,118,147,173],"iterative":[45],"attack":[46],"strategies":[47],"(named":[48],"extraction":[50,88],"attack),":[51],"while":[52,140],"effective":[53],"countermeasures":[54],"remain":[55],"notably":[56],"lacking.":[57],"To":[58],"bridge":[59],"this":[60],"gap,":[61],"we":[62],"propose":[63],"CanaryRAG,":[64],"runtime":[66,93],"defense":[67,89],"mechanism":[68],"inspired":[69],"by":[70],"stack":[71],"canaries":[72],"in":[73,99],"software":[74],"security.":[75],"CanaryRAG":[76,127,155],"embeds":[77],"carefully":[78],"designed":[79],"canary":[80,112],"tokens":[81],"into":[82,160],"chunks":[84],"reformulates":[86],"as":[90,151],"dual-path":[92],"integrity":[94],"game.":[95],"Leakage":[96],"is":[97],"detected":[98],"real":[100],"time":[101],"whenever":[102],"either":[103],"target":[105],"or":[106,167],"oracle":[107],"path":[108],"violates":[109],"its":[110],"expected":[111],"behavior,":[113],"including":[114],"under":[115],"suppression":[117],"obfuscation.":[119],"Extensive":[120],"evaluations":[121],"against":[122],"existing":[123],"attacks":[124],"demonstrate":[125],"provides":[128],"robust":[129],"defense,":[130],"achieving":[131],"substantially":[132],"lower":[133],"chunk":[134],"recovery":[135],"rates":[136],"than":[137],"state-of-the-art":[138],"baselines":[139],"imposing":[141],"negligible":[142],"impact":[143],"on":[144],"task":[145],"performance":[146],"inference":[148],"latency.":[149],"Moreover,":[150],"plug-and-play":[153],"solution,":[154],"seamlessly":[158],"integrated":[159],"arbitrary":[161],"pipelines":[163],"without":[164],"requiring":[165],"retraining":[166],"structural":[168],"modifications,":[169],"offering":[170],"practical":[172],"scalable":[174],"safeguard":[175],"for":[176],"data.":[178]},"counts_by_year":[],"updated_date":"2026-05-05T08:41:31.759640","created_date":"2026-04-15T00:00:00"}