Challenge: Existing methods for textual backdoor detection are task-specific and less effective beyond sentence classification.
Approach: They propose a task-agnostic method for backdoor detection that leverages final layer logits and an efficient pooling technique.
Outcome: TABDet can jointly learn from diverse task-specific models, demonstrating superior detection efficacy over traditional methods.

Similar Papers

Multi-target Backdoor Attacks for Code Pre-trained Models (2023.acl-long)

Copied to clipboard

Challenge: Existing work for backdoor attacks on neural code models insert triggers into task-specific data for code-related downstream tasks, limiting the scope of attacks.
Approach: They propose task-agnostic backdoor attacks for code pre-trained models . they use two learning strategies to implant backdoors into code understanding and generation models - Poisoned Seq2Seq learning and token representation learning .
Outcome: The proposed model is pre-trained with two learning strategies to support the multi-target attack of downstream code understanding and generation tasks.
Expose Backdoors on the Way: A Feature-Based Efficient Defense against Textual Backdoor Attacks (2022.findings-emnlp)

Copied to clipboard

Challenge: Existing online backdoor defense methods for NLP models focus on anomalies at input or output level, causing fragility to adaptive attacks and high computational cost.
Approach: They propose a feature-based online defense method to detect poisoned samples . they use a distance-based anomaly score to distinguish poisones from clean samples based on feature-level regularization .
Outcome: The proposed method outperforms existing methods in sentiment analysis and offense detection tasks.
Rethinking Backdoor Detection Evaluation for Language Models (2025.emnlp-main)

Copied to clipboard

Challenge: Existing backdoor detection methods have high accuracy in detecting backdoored models, but they are not robust enough to detect backdoors in the wild.
Approach: They examine the robustness of backdoor detectors by manipulating different factors during backdoor planting.
Outcome: The proposed methods are able to detect backdoors in the wild, but they lack robustness against backdoor attacks.
ChatGPT as an Attack Tool: Stealthy Textual Backdoor Attack via Blackbox Generative Model Trigger (2024.naacl-long)

Copied to clipboard

Challenge: Textual backdoor attacks are increasingly challenging to detect due to the use of advanced generative models such as GPT-4.
Approach: They propose a framework that harnesses advanced generative models to execute stealthier backdoor attacks on text classifiers.
Outcome: The proposed framework achieves state-of-the-art attack success rate of 97.35% over four sentiment classification tasks and four human cognition stealthiness tests.
Turn the Combination Lock: Learnable Textual Backdoor Attacks via Word Substitution (2021.acl-long)

Copied to clipboard

Challenge: Recent studies show that neural natural language processing models are vulnerable to backdoor attacks.
Approach: They propose to inject neural models with backdoors activated by word substitution . their results raise a serious alarm to the security of NLP models, they argue .
Outcome: The proposed backdoors are activated by a learnable combination of word substitution and exhibit higher invisibility than previous methods.
Hidden Killer: Invisible Textual Backdoor Attacks with Syntactic Trigger (2021.acl-long)

Copied to clipboard

Challenge: Existing methods for textual backdoor attacks insert additional contents into normal samples as triggers, causing detection and blocking of backdoors.
Approach: They propose to use syntactic structure as trigger in textual backdoor attacks . they propose to achieve similar attack performance but have higher invisibility .
Outcome: The proposed method achieves almost 100% success rate but has higher invisibility and stronger resistance to defenses than the insertion-based methods.
Rethinking Stealthiness of Backdoor Attack against NLP Models (2021.acl-long)

Copied to clipboard

Challenge: Existing backdoor attacks are not stealthy to system deployers or users.
Approach: They propose a novel backdoor attack method based on negative data augmentation and modifying word embeddings that is much stealthier while maintaining pretty good attacking performance.
Outcome: The proposed method is much stealthier while maintaining pretty good attacking performance.
NOTABLE: Transferable Backdoor Attacks Against Prompt-based NLP Models (2023.acl-long)

Copied to clipboard

Challenge: Existing backdoor attacks against prompt-based learning involve injecting back doors into embedding layers or word embedders.
Approach: They propose a backdoor attack against prompt-based learning that injects backdoors into embedding layers or word embeddable vectors.
Outcome: The proposed backdoor attack outperforms two state-of-the-art models on six NLP tasks and three prompting strategies.
Large Language Models Are Better Adversaries: Exploring Generative Clean-Label Backdoor Attacks Against Text Classifiers (2023.findings-emnlp)

Copied to clipboard

Challenge: Backdoor attacks manipulate model predictions by inserting malicious "poison" instances that contain a specific pattern or "trigger."
Approach: They propose an attack that inserts style-based triggers into training and test data by using a poison selection technique to improve the effectiveness of both LLMBkd and existing backdoor attacks.
Outcome: The proposed attack achieves high success rates across a wide range of styles with little effort and no model training.
UOR: Universal Backdoor Attacks on Pre-trained Language Models (2024.findings-acl)

Copied to clipboard

Challenge: Existing methods to attack pre-trained language models rely on manual selection of triggers and backdoor representations.
Approach: They propose a backdoor attack method that turns manual selection into automatic optimization . they propose to use poisoned contrastive learning to learn more uniform backdoor representations .
Outcome: The proposed method achieves better attack performance on text classification tasks compared to manual methods.

What is GenGO?

GenGO is an NLP powered publication search system. It currenctly indexes 30k+ papers from ACL Anthology, and implements multi-aspect summarization, semantic search, and more!

Information

About
Limitations