zhangsiyuan
52ba43f08d
- Module C: BC+PPO training v5/v6 done; eval results in experiments/eval_intervention_v{5,6}.json
- Reward: v5 label-aligned constrained reward (code/src/rl/reward.py)
- Ablations: Module B (history_r, response_only, full) + Module C (wo_category_reward)
- SOTA baselines: WildGuard and ShieldGemma2b eval scripts and results
- Paper: update sections 05–08 (Module B/C description, experiments table, discussion)
- Docs: add record.md (change log), update state.md and exp.md; retire change.md
- Tools: add html-to-ppt utilities and run_shieldgemma2b.sh
- Configs: add ablation YAML configs for Module B and C
- Cleanup: remove stale reference/ PNG screenshots
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
78 lines
3.7 KiB
TeX
78 lines
3.7 KiB
TeX
% ============================================================
|
||
\section{实验}
|
||
\label{sec:experiments}
|
||
% ============================================================
|
||
|
||
\subsection{实验设置}
|
||
|
||
\subsubsection{评测集}
|
||
|
||
所有实验均在CompanionRisk-Bench测试集($n=1,486$)上进行。
|
||
为验证泛化性,Module B的评估额外在non-homogeneous子集
|
||
(393条真实人-AI对话)上进行独立报告。
|
||
|
||
\subsubsection{评测指标}
|
||
|
||
\textbf{检测任务(Module B)}:
|
||
\begin{itemize}
|
||
\item Binary F1(有风险/无风险二分类F1)
|
||
\item High-risk Recall(高风险样本$y_\text{risk}=1$的召回率)
|
||
\item False Negative Rate (FNR)(漏检率)
|
||
\item Level Weighted F1(风险等级5分类加权F1)
|
||
\item Fine Macro F1(14类细粒度标签宏平均F1)
|
||
\end{itemize}
|
||
|
||
\textbf{干预任务(Module C)}:
|
||
\begin{itemize}
|
||
\item Safety Recall(L3/L4高风险样本被正确干预比例)
|
||
\item Over-refusal Rate(L0安全样本被REWRITE及以上干预的比例)
|
||
\item Action Accuracy(与标注推荐动作$a_\text{recommend}$的吻合率)
|
||
\item Crisis Precision(CRISIS动作中L4样本的比例)
|
||
\item Safety-UX F-score(安全召回率与过拒率的调和平均衍生得分)
|
||
\end{itemize}
|
||
|
||
\subsubsection{基线方法}
|
||
|
||
\textbf{检测基线}:
|
||
L1a(关键词匹配)、L1b(正则词典)、L1c(组合);
|
||
L2a(ShieldGemma-2B,binary F1=0.027,FNR=0.987)、L2b(WildGuard,binary F1=0.038,FNR=0.981)
|
||
|
||
\textbf{干预基线}:
|
||
Rule-based($l_\text{risk} \geq 3$即REJECT,其余PASS)、
|
||
Threshold Baseline(按风险分数阈值映射动作)、
|
||
LLM-as-judge(Qwen/Qwen2.5-72B-Instruct零样本直接判断干预动作,temperature=0)
|
||
|
||
\subsection{RQ1:检测性能分析}
|
||
|
||
详细结果见第\ref{sec:moduleB}节表\ref{tab:moduleB_main}和表\ref{tab:per_category_recall}。
|
||
|
||
Module B在所有指标上大幅优于基线。
|
||
值得关注的是,两款通用守卫模型均严重失效:
|
||
ShieldGemma-2B(FNR=0.987)与WildGuard(FNR=0.981)
|
||
在R3情感操纵、R4现实隔离、R10越界亲密等伴侣特有类别上召回率为0.0\%,
|
||
整体漏检率甚至高于简单关键词规则基线(L1c FNR=0.816)。
|
||
这一结果表明,通用安全分类体系与中文伴侣场景之间存在系统性偏差,
|
||
而本文Module B(FNR=0.000)通过专属分类体系和上下文感知架构有效弥补了这一差距。
|
||
|
||
\subsection{RQ2:干预策略比较}
|
||
|
||
RL策略(safety\_recall=0.953,UX F-score=0.976)
|
||
显著优于所有基线。
|
||
LLM-as-judge(Qwen2.5-72B零样本)表现最差(safety\_recall=0.397,over\_refusal=0.211,UX F-score=0.528):
|
||
逐级动作分布分析显示,该模型对L3/L4高风险内容倾向输出WARN而非REWRITE(L3高风险中PASS+WARN占63.6\%),
|
||
同时对11.0\%的安全样本误判为CRISIS,表明在伴侣场景专属五动作空间下,
|
||
零样本LLM在安全与体验的双向校准上存在系统性困难;
|
||
这进一步说明了针对该任务进行专项强化学习训练的必要性。
|
||
Rule-based(0.908 / 0.952)和Threshold(0.908 / 0.952)基线虽简单,其safety\_recall反而高于零样本LLM。
|
||
RL策略在action\_accuracy(0.706)上较纯行为克隆BC-only(0.696)提升1.4pp,
|
||
验证了PPO阶段对细粒度动作学习的必要性。
|
||
BC-only虽可达到较高safety\_recall(0.940),
|
||
但其action\_accuracy和crisis\_precision均低于完整RL策略,
|
||
说明强化学习阶段有效改善了动作精度。
|
||
|
||
\subsection{RQ3:消融实验}
|
||
|
||
\todo{消融实验表格待补充。预期包含:
|
||
(1) Module B:Response-only / History+R / Persona+R / Full;
|
||
(2) Module C:BC-only / RL w/o category reward / Full RL。}
|