Train in Vain: Functionality-Preserving Poisoning to Prevent Unauthorized Use of Code Datasets (2026.findings-acl)
Copied to clipboard
Yuan Xiao, Jiaming Wang, Yuchen Chen, Wei Song, Jun Sun, Shiqing Ma, Yanzhou Mu, Juan Zhai, Chunrong Fang, Jin Song Dong, Zhenyu Chen
| Challenge: | Existing methods for dataset poisoning require full-dataset poison, which breaks code compilability. |
| Approach: | They propose a functionality-preserving poisoning approach that injects short, compilable weak-use fragments into executed code paths. |
| Outcome: | The proposed method contaminates 10% of the dataset while maintaining 100% compilability and functional correctness. |
Similar Papers
PoisonedParrot: Subtle Data Poisoning Attacks to Elicit Copyright-Infringing Content from Large Language Models (2025.naacl-long)
Copied to clipboard
Michael-Andrei Panaitescu-Liess, Pankayaraj Pathmanathan, Yigitcan Kaya, Zora Che, Bang An, Sicheng Zhu, Aakriti Agrawal, Furong Huang
| Challenge: | PoisonedParrot is the first stealthy data poisoning attack that induces an LLM to generate copyrighted content even when the model has not been directly trained on the copyright material. |
| Approach: | They propose a stealthy data poisoning attack that induces an LLM to generate copyrighted content even when it has not been directly trained on the copyright material. |
| Outcome: | The proposed model induces an LLM to generate copyrighted content with no discernible side effects and is surprisingly effective at priming the model to generate content with little side effects. |
Mitigating Data Poisoning in Text Classification with Differential Privacy (2021.findings-emnlp)
Copied to clipboard
| Challenge: | Data poisoning attacks can plant a backdoor in a model by injecting poisoned examples into training data, causing the model to misclassify test instances which include a specific pattern. |
| Approach: | They propose a generic defence mechanism that makes training robust to poisoning attacks by smoothing the gradient from each training example. |
| Outcome: | The proposed method is highly effective in mitigating, or even eliminating, poisoning attacks on text classification, with only a small cost in predictive accuracy. |
Generalization or Memorization: Data Contamination and Trustworthy Evaluation for Large Language Models (2024.findings-acl)
Copied to clipboard
| Challenge: | Considering the vast size and wide-ranging sources of LLMs’ training data, it could explicitly or implicitly include test data. |
| Approach: | They propose a Contamination Detection via output Distribution (CDD) which detects data contamination only by identifying the peakedness of LLM's output distribution. |
| Outcome: | The proposed method improves performance by 21.8%-30.2% on humanEval and TED: trustworthy evaluation via output distribution. |
Large Language Models Are Better Adversaries: Exploring Generative Clean-Label Backdoor Attacks Against Text Classifiers (2023.findings-emnlp)
Copied to clipboard
| Challenge: | Backdoor attacks manipulate model predictions by inserting malicious "poison" instances that contain a specific pattern or "trigger." |
| Approach: | They propose an attack that inserts style-based triggers into training and test data by using a poison selection technique to improve the effectiveness of both LLMBkd and existing backdoor attacks. |
| Outcome: | The proposed attack achieves high success rates across a wide range of styles with little effort and no model training. |
Be Careful about Poisoned Word Embeddings: Exploring the Vulnerability of the Embedding Layers in NLP Models (2021.naacl-main)
Copied to clipboard
| Challenge: | Recent studies reveal a security threat to natural language processing models, called the Backdoor Attack. |
| Approach: | They propose to hack a model by modifying one single word embedding vector without sacrificing accuracy on clean samples. |
| Outcome: | The proposed method is more efficient and stealthier on sentiment analysis and sentence-pair classification tasks. |
Data to Defense: The Role of Curation in Aligning Large Language Models Against Safety Compromise (2025.emnlp-main)
Copied to clipboard
| Challenge: | Recent studies have identified a vulnerability in large language models (LLMs) during customization. |
| Approach: | They propose an adaptive data curation approach that allows any text to be curated to enhance its effectiveness in counteracting harmful samples during customization. |
| Outcome: | The proposed approach reduces compromising effects and generates 100% safe responses. |
PKAD: Pretrained Knowledge is All You Need to Detect and Mitigate Textual Backdoor Attacks (2024.findings-emnlp)
Copied to clipboard
| Challenge: | Current defense methods can be classified into inference-time and training-time ones based on their execution phase. |
| Approach: | They propose a two-stage poison detection strategy using pre-trained language models to detect poisoned samples before model training. |
| Outcome: | The proposed method achieves better performance than current methods more quickly and with fewer training costs. |
Stop Uploading Test Data in Plain Text: Practical Strategies for Mitigating Data Contamination by Evaluation Benchmarks (2023.emnlp-main)
Copied to clipboard
| Challenge: | Common NLP models are trained on data crawled from the internet, and it is difficult to audit at scale. |
| Approach: | They propose three strategies to prevent data contamination by encrypting test data and preventing it from being released on the internet. |
| Outcome: | The proposed strategies can make a difference in preventing data contamination. |
Weight Poisoning Attacks on Pretrained Models (2020.acl-main)
Copied to clipboard
| Challenge: | Recent trends in NLP use of pre-trained weights raise security questions . authors show that pre-training weights can be injected with vulnerabilities . |
| Approach: | They propose to build "weight poisoning" attacks where pre-trained weights are injected with vulnerabilities that expose "backdoors" they outline practical defenses against such attacks. |
| Outcome: | The proposed attacks expose "backdoors" after fine-tuning models . the proposed attacks are widely applicable and pose a serious threat . |
Controllable Contamination Detection for Reliable LLM Evaluation with Statistical Guarantees (2026.acl-long)
Copied to clipboard
Zheng Zhang, Qi Liu, Siyuan Liang, Ning Li, Zirui Hu, Weibo Gao, Rui Li, Zhenya Huang, Leszek Rutkowski, Baosheng Yu, Dacheng Tao
| Challenge: | Existing training data detectors fail to detect clean samples from contaminated test sets . existing methods fail to identify clean samples due to black-box nature of LLMs . |
| Approach: | They propose a framework that detects and filters contaminated evaluation data . they propose 'failure detection' to reduce the proportion of contaminated samples mistakenly retained . |
| Outcome: | The proposed framework reduces false discovery rate (FDR) under valid FDR control while maintaining evaluation consistency. |