RADAR: Defending RAG Dynamically against Retrieval Corruption
About
While RAG systems are increasingly deployed in dynamic web search, temporal volatility amplifies their vulnerability to adversarial attacks. Existing static-oriented defenses struggle to handle evolving threats and incur prohibitive storage costs in dynamic settings. We propose RADAR, a framework that models reliable context selection as a graph-based energy minimization problem, solved exactly via Max-Flow Min-Cut. By incorporating a Bayesian memory node, RADAR recursively updates a belief state instead of archiving raw historical documents, effectively balancing stability against attacks with adaptability to genuine knowledge shifts. Experiments on a novel dynamic dataset show that RADAR achieves superior robustness and response quality with minimal storage overhead compared to the baselines.
Related benchmarks
| Task | Dataset | Result | Rank | |
|---|---|---|---|---|
| Question Answering | RQA | ASR16 | 130 | |
| Question Answering | NQ | Accuracy62.4 | 113 | |
| Retrieval Question Answering | RQA | Accuracy76 | 72 | |
| Question Answering under PIA attack | Bio | Accuracy75.2 | 60 | |
| Question Answering | TQA | Accuracy72.2 | 60 | |
| Retrieval-Augmented Generation | Bio | Accuracy74.02 | 42 | |
| Question Answering | NQ Poison Attack (test) | Attack Success Rate7 | 35 | |
| Question Answering | NQ (test) | Accuracy67 | 30 | |
| Question Answering | Dynamic Evidence Streams | Accuracy57.7 | 24 | |
| Dynamic Retrieval-Augmented Generation | Bio (test) | Accuracy74.02 | 24 |