Challenge: Model NLP models are often trained on datasets from untrusted platforms, posing significant risks of data poisoning attacks.
Approach: They propose a retraining-free method that selectively replaces modules in the victim model based on a trade-off signal between utility and backdoor.
Outcome: The proposed method outperforms even the strongest defense baseline against challenging attacks like LWS.

Similar Papers

Merging Triggers, Breaking Backdoors: Defensive Poisoning for Instruction-Tuned Language Models (2026.acl-long)

Copied to clipboard

Challenge: Large Language Models (LLMs) are vulnerable to backdoor attacks, where adversaries poison a small subset of data to implant hidden behaviors.
Approach: They propose a training pipeline that immunizes instruction-tuned LLMs against backdoor attacks.
Outcome: The proposed defenses lower attack success rates while preserving instruction-following ability.
Here’s a Free Lunch: Sanitizing Backdoored Models with Model Merge (2024.findings-acl)

Copied to clipboard

Challenge: democratization of pre-trained language models brings significant security risks, including backdoor attacks.
Approach: They propose to merge a backdoored model with other homogeneous models to remediate backdoor vulnerabilities.
Outcome: The proposed model merging approach outperforms other models on classification tasks without additional resources or specific knowledge.
Fine-mixing: Mitigating Backdoors in Fine-tuned Language Models (2022.findings-emnlp)

Copied to clipboard

Challenge: Existing methods for defending NLP models against backdoors have ignored the clean weights of PLMs.
Approach: They exploit pre-trained weights to mitigate backdoors in fine-tuned NLP models . they use a fine-mixing technique and an Embedding Purification technique to do the same .
Outcome: The proposed method outperforms baseline mitigation methods on three single-sentence sentiment classification tasks and two sentence-pair classification tasks.
Backdoor Attacks on Pre-trained Models by Layerwise Weight Poisoning (2021.emnlp-main)

Copied to clipboard

Challenge: Pre-trained models can be maliciously poisoned with certain triggers, causing a security threat.
Approach: They propose a stronger weight poisoning attack method that introduces a layerwise weight poison strategy to plant deeper backdoors.
Outcome: The proposed method can be widely applied and provide hints for future models robustness studies.
Claim-Guided Textual Backdoor Attack for Practical Applications (2025.findings-naacl)

Copied to clipboard

Challenge: a novel backdoor attack is based on textual claims to trick models into misbehaving on targeted claims.
Approach: a new backdoor attack is designed to trick models into misbehaving on targeted claims . the code and data will be available at https://github.com/minkyoo9/CGBA .
Outcome: a new backdoor attack exploits the power of textual claims to trick models into misbehaving on claims without affecting their performance on clean data.
Backdoor Attacks in Federated Learning by Rare Embeddings and Gradient Ensembling (2022.emnlp-main)

Copied to clipboard

Challenge: Recent advances in federated learning have demonstrated its promising capability to learn on decentralized datasets.
Approach: They propose a technique that allows adversaries to poison the global model . they propose 'model poisoning' for backdoor attacks using word embeddings of NLP models .
Outcome: The proposed technique improves the model poisoning performance in all experimental settings.
Large Language Models Are Better Adversaries: Exploring Generative Clean-Label Backdoor Attacks Against Text Classifiers (2023.findings-emnlp)

Copied to clipboard

Challenge: Backdoor attacks manipulate model predictions by inserting malicious "poison" instances that contain a specific pattern or "trigger."
Approach: They propose an attack that inserts style-based triggers into training and test data by using a poison selection technique to improve the effectiveness of both LLMBkd and existing backdoor attacks.
Outcome: The proposed attack achieves high success rates across a wide range of styles with little effort and no model training.
Instructions as Backdoors: Backdoor Vulnerabilities of Instruction Tuning for Large Language Models (2024.naacl-long)

Copied to clipboard

Challenge: et al., 2021) show that instruction models can be trained on crowdsourced datasets with task instructions to achieve superior performance.
Approach: They examine security concerns of emergent instruction tuning paradigm that models are trained on crowdsourced datasets with task instructions to achieve superior performance.
Outcome: The proposed model can achieve 90% success rate across four commonly used datasets.
Be Careful about Poisoned Word Embeddings: Exploring the Vulnerability of the Embedding Layers in NLP Models (2021.naacl-main)

Copied to clipboard

Challenge: Recent studies reveal a security threat to natural language processing models, called the Backdoor Attack.
Approach: They propose to hack a model by modifying one single word embedding vector without sacrificing accuracy on clean samples.
Outcome: The proposed method is more efficient and stealthier on sentiment analysis and sentence-pair classification tasks.
Turn the Combination Lock: Learnable Textual Backdoor Attacks via Word Substitution (2021.acl-long)

Copied to clipboard

Challenge: Recent studies show that neural natural language processing models are vulnerable to backdoor attacks.
Approach: They propose to inject neural models with backdoors activated by word substitution . their results raise a serious alarm to the security of NLP models, they argue .
Outcome: The proposed backdoors are activated by a learnable combination of word substitution and exhibit higher invisibility than previous methods.

What is GenGO?

GenGO is an NLP powered publication search system. It currenctly indexes 30k+ papers from ACL Anthology, and implements multi-aspect summarization, semantic search, and more!

Information

About
Limitations