Cut the Deadwood Out: Backdoor Purification via Guided Module Substitution (2025.findings-emnlp)
Copied to clipboard
| Challenge: | Model NLP models are often trained on datasets from untrusted platforms, posing significant risks of data poisoning attacks. |
| Approach: | They propose a retraining-free method that selectively replaces modules in the victim model based on a trade-off signal between utility and backdoor. |
| Outcome: | The proposed method outperforms even the strongest defense baseline against challenging attacks like LWS. |
Similar Papers
Merging Triggers, Breaking Backdoors: Defensive Poisoning for Instruction-Tuned Language Models (2026.acl-long)
Copied to clipboard
| Challenge: | Large Language Models (LLMs) are vulnerable to backdoor attacks, where adversaries poison a small subset of data to implant hidden behaviors. |
| Approach: | They propose a training pipeline that immunizes instruction-tuned LLMs against backdoor attacks. |
| Outcome: | The proposed defenses lower attack success rates while preserving instruction-following ability. |
Here’s a Free Lunch: Sanitizing Backdoored Models with Model Merge (2024.findings-acl)
Copied to clipboard
| Challenge: | democratization of pre-trained language models brings significant security risks, including backdoor attacks. |
| Approach: | They propose to merge a backdoored model with other homogeneous models to remediate backdoor vulnerabilities. |
| Outcome: | The proposed model merging approach outperforms other models on classification tasks without additional resources or specific knowledge. |
Fine-mixing: Mitigating Backdoors in Fine-tuned Language Models (2022.findings-emnlp)
Copied to clipboard
| Challenge: | Existing methods for defending NLP models against backdoors have ignored the clean weights of PLMs. |
| Approach: | They exploit pre-trained weights to mitigate backdoors in fine-tuned NLP models . they use a fine-mixing technique and an Embedding Purification technique to do the same . |
| Outcome: | The proposed method outperforms baseline mitigation methods on three single-sentence sentiment classification tasks and two sentence-pair classification tasks. |
Backdoor Attacks on Pre-trained Models by Layerwise Weight Poisoning (2021.emnlp-main)
Copied to clipboard
| Challenge: | Pre-trained models can be maliciously poisoned with certain triggers, causing a security threat. |
| Approach: | They propose a stronger weight poisoning attack method that introduces a layerwise weight poison strategy to plant deeper backdoors. |
| Outcome: | The proposed method can be widely applied and provide hints for future models robustness studies. |
Claim-Guided Textual Backdoor Attack for Practical Applications (2025.findings-naacl)
Copied to clipboard
| Challenge: | a novel backdoor attack is based on textual claims to trick models into misbehaving on targeted claims. |
| Approach: | a new backdoor attack is designed to trick models into misbehaving on targeted claims . the code and data will be available at https://github.com/minkyoo9/CGBA . |
| Outcome: | a new backdoor attack exploits the power of textual claims to trick models into misbehaving on claims without affecting their performance on clean data. |
Backdoor Attacks in Federated Learning by Rare Embeddings and Gradient Ensembling (2022.emnlp-main)
Copied to clipboard
| Challenge: | Recent advances in federated learning have demonstrated its promising capability to learn on decentralized datasets. |
| Approach: | They propose a technique that allows adversaries to poison the global model . they propose 'model poisoning' for backdoor attacks using word embeddings of NLP models . |
| Outcome: | The proposed technique improves the model poisoning performance in all experimental settings. |
Large Language Models Are Better Adversaries: Exploring Generative Clean-Label Backdoor Attacks Against Text Classifiers (2023.findings-emnlp)
Copied to clipboard
| Challenge: | Backdoor attacks manipulate model predictions by inserting malicious "poison" instances that contain a specific pattern or "trigger." |
| Approach: | They propose an attack that inserts style-based triggers into training and test data by using a poison selection technique to improve the effectiveness of both LLMBkd and existing backdoor attacks. |
| Outcome: | The proposed attack achieves high success rates across a wide range of styles with little effort and no model training. |
Instructions as Backdoors: Backdoor Vulnerabilities of Instruction Tuning for Large Language Models (2024.naacl-long)
Copied to clipboard
| Challenge: | et al., 2021) show that instruction models can be trained on crowdsourced datasets with task instructions to achieve superior performance. |
| Approach: | They examine security concerns of emergent instruction tuning paradigm that models are trained on crowdsourced datasets with task instructions to achieve superior performance. |
| Outcome: | The proposed model can achieve 90% success rate across four commonly used datasets. |
Be Careful about Poisoned Word Embeddings: Exploring the Vulnerability of the Embedding Layers in NLP Models (2021.naacl-main)
Copied to clipboard
| Challenge: | Recent studies reveal a security threat to natural language processing models, called the Backdoor Attack. |
| Approach: | They propose to hack a model by modifying one single word embedding vector without sacrificing accuracy on clean samples. |
| Outcome: | The proposed method is more efficient and stealthier on sentiment analysis and sentence-pair classification tasks. |
Turn the Combination Lock: Learnable Textual Backdoor Attacks via Word Substitution (2021.acl-long)
Copied to clipboard
| Challenge: | Recent studies show that neural natural language processing models are vulnerable to backdoor attacks. |
| Approach: | They propose to inject neural models with backdoors activated by word substitution . their results raise a serious alarm to the security of NLP models, they argue . |
| Outcome: | The proposed backdoors are activated by a learnable combination of word substitution and exhibit higher invisibility than previous methods. |