{"id":"https://openalex.org/W7160990172","doi":"https://doi.org/10.48550/arxiv.2605.11996","title":"BadSKP: Backdoor Attacks on Knowledge Graph-Enhanced LLMs with Soft Prompts","display_name":"BadSKP: Backdoor Attacks on Knowledge Graph-Enhanced LLMs with Soft Prompts","publication_year":2026,"publication_date":"2026-05-12","ids":{"openalex":"https://openalex.org/W7160990172","doi":"https://doi.org/10.48550/arxiv.2605.11996"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2605.11996","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.11996","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2605.11996","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5075844359","display_name":"Xiaoting Lyu","orcid":"https://orcid.org/0000-0003-0732-0261"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Lyu, Xiaoting","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5136070602","display_name":"Yufei Han","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Han, Yufei","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5136039017","display_name":"Hangwei Qian","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Qian, Hangwei","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5115591870","display_name":"Haoyuan Yu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yu, Haoyuan","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5136082935","display_name":"Xiang Ao","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ao, Xiang","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5136055434","display_name":"Bin Wang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wang, Bin","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5136019763","display_name":"Chenxu Wang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wang, Chenxu","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5136075629","display_name":"Xiaobo Ma","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ma, Xiaobo","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5136021459","display_name":"Wei Wang","orcid":"https://orcid.org/0000-0002-5089-0000"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wang, Wei","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":9,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11273","display_name":"Advanced Graph Neural Networks","score":0.6800000071525574,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11273","display_name":"Advanced Graph Neural Networks","score":0.6800000071525574,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.22010000050067902,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10028","display_name":"Topic Modeling","score":0.02930000051856041,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/backdoor","display_name":"Backdoor","score":0.9879999756813049},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.7703999876976013},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.5521000027656555},{"id":"https://openalex.org/keywords/false-accusation","display_name":"False accusation","score":0.4124999940395355},{"id":"https://openalex.org/keywords/semantics","display_name":"Semantics (computer science)","score":0.4099000096321106},{"id":"https://openalex.org/keywords/knowledge-graph","display_name":"Knowledge graph","score":0.4009999930858612},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.40049999952316284},{"id":"https://openalex.org/keywords/semantic-security","display_name":"Semantic security","score":0.38769999146461487}],"concepts":[{"id":"https://openalex.org/C2781045450","wikidata":"https://www.wikidata.org/wiki/Q254569","display_name":"Backdoor","level":2,"score":0.9879999756813049},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.7703999876976013},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6995000243186951},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5787000060081482},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.5521000027656555},{"id":"https://openalex.org/C59577422","wikidata":"https://www.wikidata.org/wiki/Q10265143","display_name":"False accusation","level":2,"score":0.4124999940395355},{"id":"https://openalex.org/C184337299","wikidata":"https://www.wikidata.org/wiki/Q1437428","display_name":"Semantics (computer science)","level":2,"score":0.4099000096321106},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.40470001101493835},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.4034999907016754},{"id":"https://openalex.org/C2987255567","wikidata":"https://www.wikidata.org/wiki/Q33002955","display_name":"Knowledge graph","level":2,"score":0.4009999930858612},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.40049999952316284},{"id":"https://openalex.org/C204806902","wikidata":"https://www.wikidata.org/wiki/Q2333581","display_name":"Semantic security","level":5,"score":0.38769999146461487},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.3702999949455261},{"id":"https://openalex.org/C2778403875","wikidata":"https://www.wikidata.org/wiki/Q20312394","display_name":"Adversarial machine learning","level":3,"score":0.367000013589859},{"id":"https://openalex.org/C62611344","wikidata":"https://www.wikidata.org/wiki/Q1062658","display_name":"Node (physics)","level":2,"score":0.3395000100135803},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.3269999921321869},{"id":"https://openalex.org/C2779990267","wikidata":"https://www.wikidata.org/wiki/Q1365664","display_name":"Culpability","level":2,"score":0.31630000472068787},{"id":"https://openalex.org/C123657996","wikidata":"https://www.wikidata.org/wiki/Q12271","display_name":"Architecture","level":2,"score":0.3019999861717224},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.2768999934196472},{"id":"https://openalex.org/C132010649","wikidata":"https://www.wikidata.org/wiki/Q189222","display_name":"Intuition","level":2,"score":0.2655999958515167},{"id":"https://openalex.org/C203062551","wikidata":"https://www.wikidata.org/wiki/Q201339","display_name":"Public-key cryptography","level":3,"score":0.26109999418258667},{"id":"https://openalex.org/C2776452267","wikidata":"https://www.wikidata.org/wiki/Q1503443","display_name":"Secrecy","level":2,"score":0.26080000400543213},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.26030001044273376},{"id":"https://openalex.org/C204321447","wikidata":"https://www.wikidata.org/wiki/Q30642","display_name":"Natural language processing","level":1,"score":0.2565000057220459},{"id":"https://openalex.org/C46355384","wikidata":"https://www.wikidata.org/wiki/Q726686","display_name":"Compromise","level":2,"score":0.25060001015663147}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2605.11996","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.11996","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2605.11996","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.11996","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/4","score":0.7496560215950012,"display_name":"Quality Education"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Recent":[0],"knowledge":[1,12],"graph":[2,23,115],"(KG)-enhanced":[3],"large":[4],"language":[5],"models":[6],"(LLMs)":[7],"move":[8],"beyond":[9],"purely":[10],"textual":[11,46,72],"augmentation":[13],"by":[14,113],"encoding":[15],"retrieved":[16],"subgraphs":[17],"into":[18],"continuous":[19],"soft":[20,91,164],"prompts":[21,92],"via":[22],"neural":[24],"networks,":[25],"introducing":[26],"a":[27,63,138,147],"graph-conditioned":[28],"channel":[29],"that":[30,59,69,141,186],"operates":[31],"alongside":[32],"the":[33,45,94,114,143,162,168],"standard":[34],"text":[35],"interface.":[36],"However,":[37],"existing":[38],"backdoor":[39,67,139],"attacks":[40,68,200],"are":[41],"largely":[42,77],"designed":[43],"for":[44],"channel,":[47,116],"and":[48,101,166,195],"their":[49],"effectiveness":[50],"against":[51,79],"this":[52,60,84,107,133],"dual-channel":[53],"architecture":[54,61],"remains":[55],"unclear.":[56],"We":[57,82],"show":[58,185],"creates":[62],"robustness":[64],"gap:":[65],"text-channel":[66],"readily":[70],"compromise":[71],"KG":[73],"prompting":[74],"systems":[75],"become":[76],"ineffective":[78],"soft-prompt-based":[80],"counterparts.":[81],"interpret":[83],"gap":[85],"through":[86,146],"semantic":[87],"anchoring,":[88],"whereby":[89],"graph-derived":[90],"bias":[93],"generation-driving":[95],"hidden":[96],"state":[97],"toward":[98,128],"query-consistent":[99],"semantics":[100],"suppress":[102],"surface-level":[103],"malicious":[104],"instructions.":[105],"Because":[106],"anchoring":[108],"effect":[109],"is":[110],"itself":[111],"induced":[112,163],"an":[117],"attacker":[118],"who":[119],"manipulates":[120],"graph-level":[121],"representations":[122,170],"can":[123],"in":[124],"turn":[125],"redirect":[126],"it":[127,151],"adversarial":[129,153,173],"semantics.":[130],"To":[131],"demonstrate":[132],"risk,":[134],"we":[135],"propose":[136],"BadSKP,":[137],"attack":[140,190],"targets":[142],"graph-to-prompt":[144],"interface":[145],"multi-stage":[148],"optimization":[149],"strategy:":[150],"constructs":[152],"target":[154],"embeddings,":[155],"optimizes":[156],"poisoned":[157],"node":[158,174],"embeddings":[159],"to":[160],"steer":[161],"prompt,":[165],"approximates":[167],"optimized":[169],"with":[171],"fluent":[172],"attributes.":[175],"Experiments":[176],"on":[177],"two":[178],"soft-prompt":[179],"KG-enhanced":[180],"LLMs":[181],"across":[182],"four":[183],"datasets":[184],"BadSKP":[187],"achieves":[188],"high":[189],"success":[191],"under":[192,204],"both":[193],"frozen":[194],"trojaned":[196],"settings,":[197],"while":[198],"text-only":[199],"remain":[201],"unreliable":[202],"even":[203],"perplexity-based":[205],"defenses.":[206]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2026-05-14T00:00:00"}