Challenge: Existing methods for dataset poisoning require full-dataset poison, which breaks code compilability.
Approach: They propose a functionality-preserving poisoning approach that injects short, compilable weak-use fragments into executed code paths.
Outcome: The proposed method contaminates 10% of the dataset while maintaining 100% compilability and functional correctness.

Similar Papers

PoisonedParrot: Subtle Data Poisoning Attacks to Elicit Copyright-Infringing Content from Large Language Models (2025.naacl-long)

Copied to clipboard

Challenge: PoisonedParrot is the first stealthy data poisoning attack that induces an LLM to generate copyrighted content even when the model has not been directly trained on the copyright material.
Approach: They propose a stealthy data poisoning attack that induces an LLM to generate copyrighted content even when it has not been directly trained on the copyright material.
Outcome: The proposed model induces an LLM to generate copyrighted content with no discernible side effects and is surprisingly effective at priming the model to generate content with little side effects.
Mitigating Data Poisoning in Text Classification with Differential Privacy (2021.findings-emnlp)

Copied to clipboard

Challenge: Data poisoning attacks can plant a backdoor in a model by injecting poisoned examples into training data, causing the model to misclassify test instances which include a specific pattern.
Approach: They propose a generic defence mechanism that makes training robust to poisoning attacks by smoothing the gradient from each training example.
Outcome: The proposed method is highly effective in mitigating, or even eliminating, poisoning attacks on text classification, with only a small cost in predictive accuracy.
Generalization or Memorization: Data Contamination and Trustworthy Evaluation for Large Language Models (2024.findings-acl)

Copied to clipboard

Challenge: Considering the vast size and wide-ranging sources of LLMs’ training data, it could explicitly or implicitly include test data.
Approach: They propose a Contamination Detection via output Distribution (CDD) which detects data contamination only by identifying the peakedness of LLM's output distribution.
Outcome: The proposed method improves performance by 21.8%-30.2% on humanEval and TED: trustworthy evaluation via output distribution.
Large Language Models Are Better Adversaries: Exploring Generative Clean-Label Backdoor Attacks Against Text Classifiers (2023.findings-emnlp)

Copied to clipboard

Challenge: Backdoor attacks manipulate model predictions by inserting malicious "poison" instances that contain a specific pattern or "trigger."
Approach: They propose an attack that inserts style-based triggers into training and test data by using a poison selection technique to improve the effectiveness of both LLMBkd and existing backdoor attacks.
Outcome: The proposed attack achieves high success rates across a wide range of styles with little effort and no model training.
Be Careful about Poisoned Word Embeddings: Exploring the Vulnerability of the Embedding Layers in NLP Models (2021.naacl-main)

Copied to clipboard

Challenge: Recent studies reveal a security threat to natural language processing models, called the Backdoor Attack.
Approach: They propose to hack a model by modifying one single word embedding vector without sacrificing accuracy on clean samples.
Outcome: The proposed method is more efficient and stealthier on sentiment analysis and sentence-pair classification tasks.
Data to Defense: The Role of Curation in Aligning Large Language Models Against Safety Compromise (2025.emnlp-main)

Copied to clipboard

Challenge: Recent studies have identified a vulnerability in large language models (LLMs) during customization.
Approach: They propose an adaptive data curation approach that allows any text to be curated to enhance its effectiveness in counteracting harmful samples during customization.
Outcome: The proposed approach reduces compromising effects and generates 100% safe responses.
PKAD: Pretrained Knowledge is All You Need to Detect and Mitigate Textual Backdoor Attacks (2024.findings-emnlp)

Copied to clipboard

Challenge: Current defense methods can be classified into inference-time and training-time ones based on their execution phase.
Approach: They propose a two-stage poison detection strategy using pre-trained language models to detect poisoned samples before model training.
Outcome: The proposed method achieves better performance than current methods more quickly and with fewer training costs.
Stop Uploading Test Data in Plain Text: Practical Strategies for Mitigating Data Contamination by Evaluation Benchmarks (2023.emnlp-main)

Copied to clipboard

Challenge: Common NLP models are trained on data crawled from the internet, and it is difficult to audit at scale.
Approach: They propose three strategies to prevent data contamination by encrypting test data and preventing it from being released on the internet.
Outcome: The proposed strategies can make a difference in preventing data contamination.
Weight Poisoning Attacks on Pretrained Models (2020.acl-main)

Copied to clipboard

Challenge: Recent trends in NLP use of pre-trained weights raise security questions . authors show that pre-training weights can be injected with vulnerabilities .
Approach: They propose to build "weight poisoning" attacks where pre-trained weights are injected with vulnerabilities that expose "backdoors" they outline practical defenses against such attacks.
Outcome: The proposed attacks expose "backdoors" after fine-tuning models . the proposed attacks are widely applicable and pose a serious threat .
Controllable Contamination Detection for Reliable LLM Evaluation with Statistical Guarantees (2026.acl-long)

Copied to clipboard

Challenge: Existing training data detectors fail to detect clean samples from contaminated test sets . existing methods fail to identify clean samples due to black-box nature of LLMs .
Approach: They propose a framework that detects and filters contaminated evaluation data . they propose 'failure detection' to reduce the proportion of contaminated samples mistakenly retained .
Outcome: The proposed framework reduces false discovery rate (FDR) under valid FDR control while maintaining evaluation consistency.

What is GenGO?

GenGO is an NLP powered publication search system. It currenctly indexes 30k+ papers from ACL Anthology, and implements multi-aspect summarization, semantic search, and more!

Information

About
Limitations