Task-Agnostic Detector for Insertion-Based Backdoor Attacks (2024.findings-naacl)
Copied to clipboard
| Challenge: | Existing methods for textual backdoor detection are task-specific and less effective beyond sentence classification. |
| Approach: | They propose a task-agnostic method for backdoor detection that leverages final layer logits and an efficient pooling technique. |
| Outcome: | TABDet can jointly learn from diverse task-specific models, demonstrating superior detection efficacy over traditional methods. |
Similar Papers
Multi-target Backdoor Attacks for Code Pre-trained Models (2023.acl-long)
Copied to clipboard
| Challenge: | Existing work for backdoor attacks on neural code models insert triggers into task-specific data for code-related downstream tasks, limiting the scope of attacks. |
| Approach: | They propose task-agnostic backdoor attacks for code pre-trained models . they use two learning strategies to implant backdoors into code understanding and generation models - Poisoned Seq2Seq learning and token representation learning . |
| Outcome: | The proposed model is pre-trained with two learning strategies to support the multi-target attack of downstream code understanding and generation tasks. |
Expose Backdoors on the Way: A Feature-Based Efficient Defense against Textual Backdoor Attacks (2022.findings-emnlp)
Copied to clipboard
| Challenge: | Existing online backdoor defense methods for NLP models focus on anomalies at input or output level, causing fragility to adaptive attacks and high computational cost. |
| Approach: | They propose a feature-based online defense method to detect poisoned samples . they use a distance-based anomaly score to distinguish poisones from clean samples based on feature-level regularization . |
| Outcome: | The proposed method outperforms existing methods in sentiment analysis and offense detection tasks. |
Rethinking Backdoor Detection Evaluation for Language Models (2025.emnlp-main)
Copied to clipboard
| Challenge: | Existing backdoor detection methods have high accuracy in detecting backdoored models, but they are not robust enough to detect backdoors in the wild. |
| Approach: | They examine the robustness of backdoor detectors by manipulating different factors during backdoor planting. |
| Outcome: | The proposed methods are able to detect backdoors in the wild, but they lack robustness against backdoor attacks. |
ChatGPT as an Attack Tool: Stealthy Textual Backdoor Attack via Blackbox Generative Model Trigger (2024.naacl-long)
Copied to clipboard
| Challenge: | Textual backdoor attacks are increasingly challenging to detect due to the use of advanced generative models such as GPT-4. |
| Approach: | They propose a framework that harnesses advanced generative models to execute stealthier backdoor attacks on text classifiers. |
| Outcome: | The proposed framework achieves state-of-the-art attack success rate of 97.35% over four sentiment classification tasks and four human cognition stealthiness tests. |
Turn the Combination Lock: Learnable Textual Backdoor Attacks via Word Substitution (2021.acl-long)
Copied to clipboard
| Challenge: | Recent studies show that neural natural language processing models are vulnerable to backdoor attacks. |
| Approach: | They propose to inject neural models with backdoors activated by word substitution . their results raise a serious alarm to the security of NLP models, they argue . |
| Outcome: | The proposed backdoors are activated by a learnable combination of word substitution and exhibit higher invisibility than previous methods. |
Hidden Killer: Invisible Textual Backdoor Attacks with Syntactic Trigger (2021.acl-long)
Copied to clipboard
| Challenge: | Existing methods for textual backdoor attacks insert additional contents into normal samples as triggers, causing detection and blocking of backdoors. |
| Approach: | They propose to use syntactic structure as trigger in textual backdoor attacks . they propose to achieve similar attack performance but have higher invisibility . |
| Outcome: | The proposed method achieves almost 100% success rate but has higher invisibility and stronger resistance to defenses than the insertion-based methods. |
Rethinking Stealthiness of Backdoor Attack against NLP Models (2021.acl-long)
Copied to clipboard
| Challenge: | Existing backdoor attacks are not stealthy to system deployers or users. |
| Approach: | They propose a novel backdoor attack method based on negative data augmentation and modifying word embeddings that is much stealthier while maintaining pretty good attacking performance. |
| Outcome: | The proposed method is much stealthier while maintaining pretty good attacking performance. |
NOTABLE: Transferable Backdoor Attacks Against Prompt-based NLP Models (2023.acl-long)
Copied to clipboard
| Challenge: | Existing backdoor attacks against prompt-based learning involve injecting back doors into embedding layers or word embedders. |
| Approach: | They propose a backdoor attack against prompt-based learning that injects backdoors into embedding layers or word embeddable vectors. |
| Outcome: | The proposed backdoor attack outperforms two state-of-the-art models on six NLP tasks and three prompting strategies. |
Large Language Models Are Better Adversaries: Exploring Generative Clean-Label Backdoor Attacks Against Text Classifiers (2023.findings-emnlp)
Copied to clipboard
| Challenge: | Backdoor attacks manipulate model predictions by inserting malicious "poison" instances that contain a specific pattern or "trigger." |
| Approach: | They propose an attack that inserts style-based triggers into training and test data by using a poison selection technique to improve the effectiveness of both LLMBkd and existing backdoor attacks. |
| Outcome: | The proposed attack achieves high success rates across a wide range of styles with little effort and no model training. |
UOR: Universal Backdoor Attacks on Pre-trained Language Models (2024.findings-acl)
Copied to clipboard
| Challenge: | Existing methods to attack pre-trained language models rely on manual selection of triggers and backdoor representations. |
| Approach: | They propose a backdoor attack method that turns manual selection into automatic optimization . they propose to use poisoned contrastive learning to learn more uniform backdoor representations . |
| Outcome: | The proposed method achieves better attack performance on text classification tasks compared to manual methods. |