Challenge: Current defense methods can be classified into inference-time and training-time ones based on their execution phase.
Approach: They propose a two-stage poison detection strategy using pre-trained language models to detect poisoned samples before model training.
Outcome: The proposed method achieves better performance than current methods more quickly and with fewer training costs.

Similar Papers

Large Language Models Are Better Adversaries: Exploring Generative Clean-Label Backdoor Attacks Against Text Classifiers (2023.findings-emnlp)

Copied to clipboard

Challenge: Backdoor attacks manipulate model predictions by inserting malicious "poison" instances that contain a specific pattern or "trigger."
Approach: They propose an attack that inserts style-based triggers into training and test data by using a poison selection technique to improve the effectiveness of both LLMBkd and existing backdoor attacks.
Outcome: The proposed attack achieves high success rates across a wide range of styles with little effort and no model training.
Maximum Entropy Loss, the Silver Bullet Targeting Backdoor Attacks in Pre-trained Language Models (2023.findings-acl)

Copied to clipboard

Challenge: Existing backdoor defense paradigms focus on detecting and removing poisoned samples at pre-training or inference time.
Approach: They propose a new approach where the backdoor attack is directly reversed by incorporating maximum entropy loss into training to neutralize the minimal cross-entropiness loss fine-tuning on poisoned data.
Outcome: The proposed model significantly lowers the attack success rate on classification tasks and reduces the risk of backdoor attacks on clean data.
Textual Backdoor Attacks Can Be More Harmful via Two Simple Tricks (2022.emnlp-main)

Copied to clipboard

Challenge: Existing textual backdoor attacks are vulnerable to backdoors . researchers add extra training task to distinguish poisoned and clean data .
Approach: They propose two tricks that make existing backdoor attacks much more harmful . first trick is to add an extra task to distinguish poisoned and clean data . second trick is using all the clean training data rather than the original clean data.
Outcome: The proposed tricks can significantly improve attack performance in three tough situations including clean data fine-tuning, low-poisoning-rate, and label-consistent attacks.
BFClass: A Backdoor-free Text Classification Framework (2021.findings-emnlp)

Copied to clipboard

Challenge: Various trigger design strategies have been explored to attack text classifiers, however, defending such attacks remains an open problem.
Approach: They propose a backdoor-free training framework that poisons a subset of training data by injecting trigger patterns and setting their labels as the target labels.
Outcome: The proposed framework can detect all the triggers, remove 95% of poisoned training samples with very limited false alarms, and achieve almost the same performance as the models trained on benign training data.
BITE: Textual Backdoor Attacks with Iterative Trigger Injection (2023.acl-long)

Copied to clipboard

Challenge: Existing methods to defend against backdoor attacks are based on model stealing, model thieving and training data extraction attacks.
Approach: They propose a backdoor attack that poisons training data to establish strong correlations between the target label and a set of “trigger words” These trigger words are iteratively identified and injected into the target-label instances through natural word-level perturbations.
Outcome: The proposed attack is significantly more effective than baseline methods while maintaining decent stealthiness, raising alarm on the usage of untrusted training data.
DiSec: Mitigating Backdoors in Pre-trained Language Models via Disentanglement of Adversarial Weights for Secure Fine-Tuning (2026.findings-acl)

Copied to clipboard

Challenge: Existing defenses rely on privileged assumptions, limiting their applicability in realistic settings.
Approach: They propose a task-agnostic backdoor attack that contaminates pre-trained language models . authors propose auxiliary text purification framework that uses only clean auxiliary data .
Outcome: The proposed framework suppresses attack success while preserving clean-task utility.
Where to Attack: A Dynamic Locator Model for Backdoor Attack in Text Classifications (2022.coling-1)

Copied to clipboard

Challenge: BackDoor Attack (BDA) study aims to train a poisoned model with clean data and some trigger-embedded instances to perform normally on normal inputs.
Approach: They propose to train a poisoned model with clean and poisonest inputs . they propose to use triggers to predict those poisonets as target labels .
Outcome: The proposed model can predict P2P dynamically without human intervention.
Defending against Insertion-based Textual Backdoor Attacks via Attribution (2023.findings-acl)

Copied to clipboard

Challenge: Textual backdoor attacks are vulnerable to backdoors and can be used to infect models trained on poisoned data.
Approach: They propose an efficient attribution-based pipeline to defend against two insertion-based poisoning attacks, BadNL and InSent.
Outcome: The proposed method can generalize sufficiently well in two common attack scenarios, which consistently improves previous methods.
Mitigating Backdoor Poisoning Attacks through the Lens of Spurious Correlation (2023.emnlp-main)

Copied to clipboard

Challenge: Modern NLP models are often trained over large untrustworthy datasets, raising the potential for a malicious adversary to compromise model behaviour.
Approach: They propose to mitigate spurious correlations between textual triggers and classification labels by combining them with insertion-based attacks.
Outcome: The proposed defence significantly reduces attack success rates across backdoor attacks and provides a near-perfect defence against insertion-based attacks.
UOR: Universal Backdoor Attacks on Pre-trained Language Models (2024.findings-acl)

Copied to clipboard

Challenge: Existing methods to attack pre-trained language models rely on manual selection of triggers and backdoor representations.
Approach: They propose a backdoor attack method that turns manual selection into automatic optimization . they propose to use poisoned contrastive learning to learn more uniform backdoor representations .
Outcome: The proposed method achieves better attack performance on text classification tasks compared to manual methods.

What is GenGO?

GenGO is an NLP powered publication search system. It currenctly indexes 30k+ papers from ACL Anthology, and implements multi-aspect summarization, semantic search, and more!

Information

About
Limitations