Challenge: Prompt tuning on a few data samples presents security issues, e.g., Trojan attacks.
Approach: They propose a method to transfer established data poisoning attacks directly to few-shot prompt tuning, a technique to address the poisoned imbalance issue.
Outcome: The proposed method achieves an ASR of over 99% while maintaining negligible decreases in CDA.

Similar Papers

PromptFix: Few-shot Backdoor Removal via Adversarial Prompt Tuning (2024.naacl-long)

Copied to clipboard

Challenge: Existing studies have shown that pre-trained language models can be backdoored such that model behavior is manipulated when trigger tokens are presented.
Approach: They propose a backdoor mitigation strategy for NLP models via adversarial prompt-tuning in few-shot settings that uses two extra sets of soft tokens which approximate the trigger and counteract it respectively.
Outcome: The proposed method keeps model parameters intact and only utilizes two extra sets of soft tokens which approximate the trigger and counteract it respectively.
PPT: Pre-trained Prompt Tuning for Few-shot Learning (2022.acl-long)

Copied to clipboard

Challenge: Prompt tuning for pre-trained language models has shown remarkable performance . however, prompt tuning is still not fully explored .
Approach: They propose to pre-train prompts by adding soft prompts into the pre-training stage to obtain a better initialization.
Outcome: The proposed framework outperforms full-model tuning under full-data and few-shot learning settings.
Backdooring Instruction-Tuned Large Language Models with Virtual Prompt Injection (2024.naacl-long)

Copied to clipboard

Challenge: Instruction-tuned Large Language Models (LLMs) can modulate responses based on human instructions, but they can be maliciously steered to impact society in subtle but persistent ways.
Approach: They propose a backdoor attack setting that allows an attacker to inject a virtual prompt into an LLM to steer it without any explicit injection at its input.
Outcome: The proposed method is able to poison the model's instruction tuning data and show that it is highly effective in steering the model.
StablePT : Towards Stable Prompting for Few-shot Learning via Input Separation (2024.findings-emnlp)

Copied to clipboard

Challenge: Existing studies on prompt tuning have shown that language models can be effective few-shot learners with prompting.
Approach: They propose to treat the hard prompt and soft prompt as separate inputs to mitigate noise brought by prompt initialization.
Outcome: Experimental results show that the proposed method outperforms state-of-the-art methods by 6.97% in accuracy and reduces the standard deviation by 1.92 on average.
Defenses Against Prompt Attacks Learn Surface Heuristics (2026.acl-long)

Copied to clipboard

Challenge: Large language models (LLMs) are increasingly deployed in security-sensitive applications . recent defenses rely on supervised fine-tuning with benign and malicious labels . position bias arises when benign content placed later in a prompt is rejected at much higher rates .
Approach: They analyze three recurring shortcut behaviors induced by supervised fine-tuning . position bias arises when benign content placed later in a prompt is rejected . token trigger bias occurs when strings common in attack data raise rejection probability .
Outcome: The proposed model overrides intended logic when adversarial instructions appear . the proposed model has low rejection rates but narrow correlations in defense data .
ATTEMPT: Parameter-Efficient Multi-task Tuning via Attentional Mixtures of Soft Prompts (2022.emnlp-main)

Copied to clipboard

Challenge: a new multi-task, parameter-efficient language model tuning method learns to transfer knowledge across different tasks via a mixture of soft prompts.
Approach: They propose a multi-task, parameter-efficient language model tuning method that uses soft prompts to learn to transfer knowledge across different tasks.
Outcome: The proposed method outperforms prompt tuning and outperfies or matches fully fine-tuned tuning approaches that use 10 times more parameters.
Model-tuning Via Prompts Makes NLP Models Adversarially Robust (2023.emnlp-main)

Copied to clipboard

Challenge: Pre-trained models are typically adapted to downstream tasks by appending a randomly initialized multilayer perceptron to their topmost representation layer and fine-tuning the entire model on a downstream task.
Approach: They propose to append a multilayer perceptron to a CLS token and fine-tune the entire model on a downstream task.
Outcome: The proposed model-tuning via prompts outperforms adversarial training-based state-of-art defenses by 3.5% and improves against adversarials by 8% over standard methods.
Instructions as Backdoors: Backdoor Vulnerabilities of Instruction Tuning for Large Language Models (2024.naacl-long)

Copied to clipboard

Challenge: et al., 2021) show that instruction models can be trained on crowdsourced datasets with task instructions to achieve superior performance.
Approach: They examine security concerns of emergent instruction tuning paradigm that models are trained on crowdsourced datasets with task instructions to achieve superior performance.
Outcome: The proposed model can achieve 90% success rate across four commonly used datasets.
POSIX: A Prompt Sensitivity Index For Large Language Models (2024.findings-emnlp)

Copied to clipboard

Challenge: Large Language Models (LLMs) are sensitive to minor variations in prompts, such as spelling errors, alteration of wording or the prompt template.
Approach: They propose a PrOmpt Sensitivity IndeX to measure prompt sensitivity . they use this to compare prompt sensitability of various open source LLMs .
Outcome: The proposed method can measure and compare prompt sensitivity of open source LLMs.
Prompt as Triggers for Backdoor Attack: Examining the Vulnerability in Language Models (2023.emnlp-main)

Copied to clipboard

Challenge: ProAttack is a novel and efficient method for performing clean-label backdoor attacks based on the prompt, which uses the prompt itself as a trigger.
Approach: They propose a method for performing clean-label backdoor attacks based on the prompt, which uses the prompt itself as a trigger.
Outcome: The proposed method achieves state-of-the-art performance on several NLP tasks, particularly in few-shot settings.

What is GenGO?

GenGO is an NLP powered publication search system. It currenctly indexes 30k+ papers from ACL Anthology, and implements multi-aspect summarization, semantic search, and more!

Information

About
Limitations