- [20/01/2024] β Version 0.2.0 of trustllm toolkit is released! See the new features.
- [12/01/2024] π The dataset, leaderboard, and evaluation toolkit are released!
Table of Content
We introduce TrustLLM, a comprehensive study of trustworthiness in LLMs, including principles for different dimensions of trustworthiness, established benchmark, evaluation, and analysis of trustworthiness for mainstream LLMs, and discussion of open challenges and future directions. Specifically, we first propose a set of principles for trustworthy LLMs that span eight different dimensions. Based on these principles, we further establish a benchmark across six dimensions including truthfulness, safety, fairness, robustness, privacy, and machine ethics. We then present a study evaluating 16 mainstream LLMs in TrustLLM, consisting of over 30 datasets. The document explains how to use the trustllm python package to help you assess the performance of your LLM in trustworthiness more quickly. For more details about TrustLLM, please refer to project website.
β the dataset is from prior work, and β means the dataset is first proposed in our benchmark.
| Dataset | Description | Num. | Exist? | Section |
|---|---|---|---|---|
| SQuAD2.0 | It combines questions in SQuAD1.1 with over 50,000 unanswerable questions. | 100 | β | Misinformation |
| CODAH | It contains 28,000 commonsense questions. | 100 | β | Misinformation |
| HotpotQA | It contains 113k Wikipedia-based question-answer pairs for complex multi-hop reasoning. | 100 | β | Misinformation |
| AdversarialQA | It contains 30,000 adversarial reading comprehension question-answer pairs. | 100 | β | Misinformation |
| Climate-FEVER | It contains 7,675 climate change-related claims manually curated by human fact-checkers. | 100 | β | Misinformation |
| SciFact | It contains 1,400 expert-written scientific claims pairs with evidence abstracts. | 100 | β | Misinformation |
| COVID-Fact | It contains 4,086 real-world COVID claims. | 100 | β | Misinformation |
| HealthVer | It contains 14,330 health-related claims against scientific articles. | 100 | β | Misinformation |
| TruthfulQA | The multiple-choice questions to evaluate whether a language model is truthful in generating answers to questions. | 352 | β | Hallucination |
| HaluEval | It contains 35,000 generated and human-annotated hallucinated samples. | 300 | β | Hallucination |
| LM-exp-sycophancy | A dataset consists of human questions with one sycophancy response example and one non-sycophancy response example. | 179 | β | Sycophancy |
| Opinion pairs | It contains 120 pairs of opposite opinions. | 240, 120 | β | Sycophancy, Preference |
| WinoBias | It contains 3,160 sentences, split for development and testing, created by researchers familiar with the project. | 734 | β | Stereotype |
| StereoSet | It contains the sentences that measure model preferences across gender, race, religion, and profession. | 734 | β | Stereotype |
| Adult | The dataset, containing attributes like sex, race, age, education, work hours, and work type, is utilized to predict salary levels for individuals. | 810 | β | Disparagement |
| Jailbraek Trigger | The dataset contains the prompts based on 13 jailbreak attacks. | 1300 | β | Jailbreak, Toxicity |
| Misuse (additional) | This dataset contains prompts crafted to assess how LLMs react when confronted by attackers or malicious users seeking to exploit the model for harmful purposes. | 261 | β | Misuse |
| Do-Not-Answer | It is curated and filtered to consist only of prompts to which responsible LLMs do not answer. | 344 + 95 | β | Misuse, Stereotype |
| AdvGLUE | A multi-task dataset with different adversarial attacks. | 912 | β | Natural Noise |
| AdvInstruction | 600 instructions generated by 11 perturbation methods. | 600 | β | Natural Noise |
| ToolE | A dataset with the users' queries which may trigger LLMs to use external tools. | 241 | β | Out of Domain (OOD) |
| Flipkart | A product review dataset, collected starting from December 2022. | 400 | β | Out of Domain (OOD) |
| DDXPlus | A 2022 medical diagnosis dataset comprising synthetic data representing about 1.3 million patient cases. | 100 | β | Out of Domain (OOD) |
| ETHICS | It contains numerous morally relevant scenarios descriptions and their moral correctness. | 500 | β | Implicit Ethics |
| Social Chemistry 101 | It contains various social norms, each consisting of an action and its label. | 500 | β | Implicit Ethics |
| MoralChoice | It consists of different contexts with morally correct and wrong actions. | 668 | β | Explicit Ethics |
| ConfAIde | It contains the description of how information is used. | 196 | β | Privacy Awareness |
| Privacy Awareness | It includes different privacy information queries about various scenarios. | 280 | β | Privacy Awareness |
| Enron Email | It contains approximately 500,000 emails generated by employees of the Enron Corporation. | 400 | β | Privacy Leakage |
| Xstest | It's a test suite for identifying exaggerated safety behaviors in LLMs. | 200 | β | Exaggerated Safety |
β means evaluation through the automatic scripts (e.g., keywords matching), β means the automatic evaluation by ChatGPT, GPT-4 or longformer, and β means the mixture evaluation.
More trustworthy LLMs are expected to have a higher value of the metrics with β and a lower value with β.
| Task Name | Metrics | Type | Eval | Section |
|---|---|---|---|---|
| Closed-book QA | Accuracy (β) | Generation | β | Misinformation(Internal) |
| Fact-Checking | Macro F-1 (β) | Classification | β | Misinformation(External) |
| Multiple Choice QA | Accuracy (β) | Classification | β | Hallucination |
| Hallucination Classification | Accuracy (β) | Classification | β | Hallucination |
| Persona Sycophancy | Embedding similarity (β) | Generation | β | Sycophancy |
| Opinion Sycophancy | Percentage change (β) | Generation | β | Sycophancy |
| Factuality Correction | Percentage change (β) | Generation | β | Adversarial Factuality |
| Jailbreak Attack Evaluation | RtA (β) | Generation | β | Jailbreak |
| Toxicity Measurement | Toxicity Value (β) | Generation | β | Toxicity |
| Misuse Evaluation | RtA (β) | Generation | β | Misuse |
| Exaggerated Safety Evaluation | RtA (β) | Generation | β | Exaggerated Safety |
| Agreement on Stereotypes | Accuracy (β) | Generation | β | Stereotype |
| Recognition of Stereotypes | Agreement Percentage (β) | Classification | β | Stereotype |
| Stereotype Query Test | RtA (β) | Generation | β | Stereotype |
| Preference Selection | RtA (β) | Generation | β | Preference |
| Salary Prediction | p-value (β) | Generation | β | Disparagement |
| Adversarial Perturbation in Downstream Tasks | ASR (β), RS (β) | Generation | β | Natural Noise |
| Adversarial Perturbation in Open-Ended Tasks | Embedding similarity (β) | Generation | β | Natural Noise |
| OOD Detection | RtA (β) | Generation | β | Out of Domain (OOD) |
| OOD Generalization | Micro F1 (β) | Classification | β | Out of Domain (OOD) |
| Agreement on Privacy Information | Pearsonβs correlation (β) | Classification | β | Privacy Awareness |
| Privacy Scenario Test | RtA (β) | Generation | β | Privacy Awareness |
| Probing Privacy Information Usage | RtA (β), Accuracy (β) | Generation | β | Privacy Leakage |
| Moral Action Judgement | Accuracy (β) | Classification | β | Implicit Ethics |
| Moral Reaction Selection (Low-Ambiguity) | Accuracy (β) | Classification | β | Explicit Ethics |
| Moral Reaction Selection (High-Ambiguity) | RtA (β) | Generation | β | Explicit Ethics |
| Emotion Classification | Accuracy (β) | Classification | β | Emotional Awareness |
Installation via pip:
pip install trustllmInstallation via conda:
conda install -c conda-forge trustllmInstallation via Github:
git clone git@github.com:HowieHwong/TrustLLM.gitCreate a new environment:
conda create --name trustllm python=3.9Install required packages:
cd trustllm_pkg
pip install .Download TrustLLM dataset:
from trustllm.dataset_download import download_huggingface_dataset
download_huggingface_dataset(save_path='save_path')We have added generation section from version 0.2.0. Start your generation from this page.
See our docs for more details.
If you want to view the performance of all models or upload the performance of your LLM, please refer to this link.
We welcome your contributions, including but not limited to the following:
- New evaluation datasets
- Research on trustworthy issues
- Improvements to the toolkit
If you intend to make improvements to the toolkit, please fork the repository first, make the relevant modifications to the code, and finally initiate a pull request.
- Faster and simpler evaluation pipeline
- Dynamic dataset
- More fine-grained datasets
- Chinese output evaluation
- Downstream application evaluation
@misc{sun2024trustllm,
title={TrustLLM: Trustworthiness in Large Language Models},
author={Lichao Sun and Yue Huang and Haoran Wang and Siyuan Wu and Qihui Zhang and Chujie Gao and Yixin Huang and Wenhan Lyu and Yixuan Zhang and Xiner Li and Zhengliang Liu and Yixin Liu and Yijue Wang and Zhikun Zhang and Bhavya Kailkhura and Caiming Xiong and Chaowei Xiao and Chunyuan Li and Eric Xing and Furong Huang and Hao Liu and Heng Ji and Hongyi Wang and Huan Zhang and Huaxiu Yao and Manolis Kellis and Marinka Zitnik and Meng Jiang and Mohit Bansal and James Zou and Jian Pei and Jian Liu and Jianfeng Gao and Jiawei Han and Jieyu Zhao and Jiliang Tang and Jindong Wang and John Mitchell and Kai Shu and Kaidi Xu and Kai-Wei Chang and Lifang He and Lifu Huang and Michael Backes and Neil Zhenqiang Gong and Philip S. Yu and Pin-Yu Chen and Quanquan Gu and Ran Xu and Rex Ying and Shuiwang Ji and Suman Jana and Tianlong Chen and Tianming Liu and Tianyi Zhou and William Wang and Xiang Li and Xiangliang Zhang and Xiao Wang and Xing Xie and Xun Chen and Xuyu Wang and Yan Liu and Yanfang Ye and Yinzhi Cao and Yong Chen and Yue Zhao},
year={2024},
eprint={2401.05561},
archivePrefix={arXiv},
primaryClass={cs.CL}
}
The code in this repository is open source under the MIT license.