The robustness of recent Large Language Models (LLMs) has become increasingly crucial as their applicability expands across various domains and real-world applications. Retrieval-Augmented Generation (RAG) is a promising solution for addressing the limitations of LLMs, yet existing studies on the robustness of RAG often overlook the interconnected relationships between RAG components or the potential threats prevalent in real-world databases, such as minor textual errors. In this work, we investigate two underexplored aspects when assessing the robustness of RAG: 1) vulnerability to noisy documents through low-level perturbations and 2) a holistic evaluation of RAG robustness. Furthermore, we introduce a novel attack method, the Genetic Attack on RAG (GARAG), which targets these aspects. Specifically, GARAG is designed to reveal vulnerabilities within each component and test the overall system functionality against noisy documents. We validate RAG robustness by applying GARAG to standard QA datasets, incorporating diverse retrievers and LLMs. The experimental results show that GARAG consistently achieves high attack success rates. It also significantly degrades the performance of each component and their synergy, highlighting the substantial risk that minor textual inaccuracies pose in disrupting RAG systems in the real world.