Search papers, labs, and topics across Lattice.
This paper introduces the Knowledge Trap, a novel defense mechanism against model extraction attacks on large language models that utilizes a Honeypot Knowledge Graph (HKG) to misdirect attackers toward low-value knowledge. By employing breadcrumb-guided exploration, the method effectively consumes the attacker's query budget while maintaining performance for legitimate users. Experimental results demonstrate a 6.2% reduction in surrogate Agreement in medical and financial domains, highlighting its effectiveness over existing defenses that compromise user experience.
Attackers waste their query budgets on trivial knowledge while legitimate users enjoy uninterrupted access, thanks to the Knowledge Trap.
Large language models deployed as commercial APIs are vulnerable to model extraction attacks, while existing defenses either act too late or degrade utility for legitimate users. We propose \textbf{Knowledge Trap}, a defense that redirects extraction attacks toward low-transferability knowledge through a \emph{Honeypot Knowledge Graph} (HKG) and breadcrumb-guided exploration. Instead of blocking queries or perturbing outputs, Knowledge Trap consumes the attacker's limited query budget on knowledge with negligible downstream utility while preserving benign-user performance. Experiments in medical and financial domains show that Knowledge Trap reduces surrogate Agreement by 6.2\% on average without degrading legitimate-user accuracy, outperforming existing defenses that impose measurable user impact. These results suggest that defending knowledge-space traversal is a practical direction for mitigating LLM extraction attacks.