Backdoor NLP Models via AI-Generated Text (2024.lrec-main)

Copied to clipboard

Challenge: Existing attacks disregard fluency and semantic fidelity of poisoned text, rendering it easily detectable.
Approach: They propose to use AI-generated poisoned text to attack NLP models by establishing covert associations between trigger patterns and target labels without affecting normal accuracy.
Outcome: The proposed method achieves effective attacks while maintaining fluency and semantic similarity across all scenarios.

Similar Papers

Triggerless Backdoor Attack for NLP Tasks with Clean Labels (2022.naacl-main)

Copied to clipboard

Challenge: Backdoor attacks are a new threat to neural natural language processing models due to the fragility and lack of interpretability of NLP models.
Approach: They propose a method to perform backdoor attacks without an external trigger . they propose to use clean-labeled examples to generate poisoned clean-labelled examples .
Outcome: The proposed strategy is effective and hard to defend due to its triggerless nature.
Be Careful about Poisoned Word Embeddings: Exploring the Vulnerability of the Embedding Layers in NLP Models (2021.naacl-main)

Copied to clipboard

Challenge: Recent studies reveal a security threat to natural language processing models, called the Backdoor Attack.
Approach: They propose to hack a model by modifying one single word embedding vector without sacrificing accuracy on clean samples.
Outcome: The proposed method is more efficient and stealthier on sentiment analysis and sentence-pair classification tasks.
Expose Backdoors on the Way: A Feature-Based Efficient Defense against Textual Backdoor Attacks (2022.findings-emnlp)

Copied to clipboard

Challenge: Existing online backdoor defense methods for NLP models focus on anomalies at input or output level, causing fragility to adaptive attacks and high computational cost.
Approach: They propose a feature-based online defense method to detect poisoned samples . they use a distance-based anomaly score to distinguish poisones from clean samples based on feature-level regularization .
Outcome: The proposed method outperforms existing methods in sentiment analysis and offense detection tasks.
Large Language Models Are Better Adversaries: Exploring Generative Clean-Label Backdoor Attacks Against Text Classifiers (2023.findings-emnlp)

Copied to clipboard

Challenge: Backdoor attacks manipulate model predictions by inserting malicious "poison" instances that contain a specific pattern or "trigger."
Approach: They propose an attack that inserts style-based triggers into training and test data by using a poison selection technique to improve the effectiveness of both LLMBkd and existing backdoor attacks.
Outcome: The proposed attack achieves high success rates across a wide range of styles with little effort and no model training.
BITE: Textual Backdoor Attacks with Iterative Trigger Injection (2023.acl-long)

Copied to clipboard

Challenge: Existing methods to defend against backdoor attacks are based on model stealing, model thieving and training data extraction attacks.
Approach: They propose a backdoor attack that poisons training data to establish strong correlations between the target label and a set of “trigger words” These trigger words are iteratively identified and injected into the target-label instances through natural word-level perturbations.
Outcome: The proposed attack is significantly more effective than baseline methods while maintaining decent stealthiness, raising alarm on the usage of untrusted training data.
When Backdoors Speak: Understanding LLM Backdoor Attacks Through Model-Generated Explanations (2025.acl-long)

Copied to clipboard

Challenge: Recent studies have shown that Large Language Models (LLMs) are susceptible to backdoor attacks, where triggers embedded in poisoned data can maliciously alter LLMs’ behaviors.
Approach: They propose to leverage LLMs' generative capabilities to generate human-readable explanations for their decisions, enabling direct comparisons between explanations of clean and poisoned data.
Outcome: The proposed model produces coherent explanations for clean inputs but logically flawed explanations on poisoned data.
Mitigating Backdoor Poisoning Attacks through the Lens of Spurious Correlation (2023.emnlp-main)

Copied to clipboard

Challenge: Modern NLP models are often trained over large untrustworthy datasets, raising the potential for a malicious adversary to compromise model behaviour.
Approach: They propose to mitigate spurious correlations between textual triggers and classification labels by combining them with insertion-based attacks.
Outcome: The proposed defence significantly reduces attack success rates across backdoor attacks and provides a near-perfect defence against insertion-based attacks.
Rethinking Stealthiness of Backdoor Attack against NLP Models (2021.acl-long)

Copied to clipboard

Challenge: Existing backdoor attacks are not stealthy to system deployers or users.
Approach: They propose a novel backdoor attack method based on negative data augmentation and modifying word embeddings that is much stealthier while maintaining pretty good attacking performance.
Outcome: The proposed method is much stealthier while maintaining pretty good attacking performance.
Universal Vulnerabilities in Large Language Models: Backdoor Attacks for In-context Learning (2024.emnlp-main)

Copied to clipboard

Challenge: In-context learning has shown high efficacy in several NLP tasks, especially in few-shot settings.
Approach: They propose a backdoor attack method that poisons demonstration examples and poisons the demonstration context, preserving the model's generality.
Outcome: The proposed method can make models behave in alignment with predefined intentions without fine-tuning the model.
Where to Attack: A Dynamic Locator Model for Backdoor Attack in Text Classifications (2022.coling-1)

Copied to clipboard

Challenge: BackDoor Attack (BDA) study aims to train a poisoned model with clean data and some trigger-embedded instances to perform normally on normal inputs.
Approach: They propose to train a poisoned model with clean and poisonest inputs . they propose to use triggers to predict those poisonets as target labels .
Outcome: The proposed model can predict P2P dynamically without human intervention.

What is GenGO?

GenGO is an NLP powered publication search system. It currenctly indexes 30k+ papers from ACL Anthology, and implements multi-aspect summarization, semantic search, and more!

Information

About
Limitations