A knowledge evolution poisoning attack method for a graph-oriented enhanced retrieval generation system

By forging knowledge evolution paths in the GraphRAG system and constructing multi-target cross-subgraph cooperative attacks, the problem of poisoning attacks being prone to failure in the GraphRAG system is solved, achieving stable misleading of the generation process and improving system security.

CN122173622APending Publication Date: 2026-06-09UNIV OF ELECTRONICS SCI & TECH OF CHINA

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
UNIV OF ELECTRONICS SCI & TECH OF CHINA
Filing Date
2026-02-02
Publication Date
2026-06-09

AI Technical Summary

Technical Problem

Existing poisoning attack methods are prone to failure in the GraphRAG system, have difficulty having a substantial impact on the generation process through the structured modeling stage, and lack stability in multi-target attacks.

Method used

By constructing a knowledge evolution forgery attack, the attack leverages GraphRAG's dependence on the structural characteristics of the knowledge graph, fact evolution relationships, and temporal order consistency to forge knowledge evolution paths and inject poisoning events. Combined with multi-target cross-subgraph collaborative attack techniques, a closely connected poisoning community is formed.

Benefits of technology

It significantly improves the retrieval priority and coverage of poisoning knowledge in the GraphRAG system, enabling continuous and stable misleading of the generation process, and enhancing the security and reliability of the system.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122173622A_ABST
    Figure CN122173622A_ABST
Patent Text Reader

Abstract

This invention presents a knowledge evolution poisoning attack method for graph-enhanced retrieval and generation systems, belonging to the field of retrieval enhancement and generation. Through knowledge evolution forgery attacks and multi-target cross-subgraph collaborative attacks, it can generate evolutionary corpora that satisfy temporal constraints and have stronger structural connectivity without compromising the overall consistency of the knowledge graph. This allows for a more thorough exposure of GraphRAG's vulnerabilities in knowledge extraction, community partitioning, subgraph retrieval, and evidence aggregation stages in authorized evaluation environments. Compared to direct splicing injection, the samples generated by this method more closely resemble the "real knowledge update" distribution and can be used for pre-deployment red team evaluation, post-deployment regression testing, and effectiveness verification and parameter selection for defense modules such as consistency detection, retrieval filtering, and fact verification.
Need to check novelty before this filing date? Find Prior Art