Papers with victim models

11 papers
Extracted BERT Model Leaks More Information than You Think! (2022.emnlp-main)

Copied to clipboard

Challenge: Existing pre-trained language models are vulnerable to model extraction attacks . model extraction can cause severe privacy leakage even when victim models are facilitated with state-of-the-art defensive strategies.
Approach: They propose to launch an attribute-inference attack against an extracted BERT model to prevent privacy leakage.
Outcome: The proposed attack can cause severe privacy leakage even when victim models are facilitated with state-of-the-art defensive strategies.
Misleading Relation Classifiers by Substituting Words in Texts (2023.findings-acl)

Copied to clipboard

Challenge: Existing methods to generate adversarial examples for relation classification are vulnerable to adversarials.
Approach: They propose a method that uses most important parts of speech to substitute words with synonyms or hyponyms to generate adversarial texts of high quality.
Outcome: The proposed method can generate adversarial texts of high quality and most relationships can be correctly identified in the process of human evaluation.
Student Surpasses Teacher: Imitation Attack for Black-Box NLP APIs (2022.coling-1)

Copied to clipboard

Challenge: Existing MLaaS models are vulnerable to imitation attacks, but none of the stolen models can outperform the original black-box APIs.
Approach: They conduct unsupervised domain adaptation and multi-victim ensemble to show attackers could surpass victims.
Outcome: The proposed model outperforms the original black-box models on transferred domains.
TextVerifier: Robustness Verification for Textual Classifiers with Certifiable Guarantees (2023.findings-acl)

Copied to clipboard

Challenge: a textual classifier must withstand word-level alteration attacks due to inherent vulnerability.
Approach: They propose a formal verification framework with certifiable guarantees on deep neural networks in natural language processing against word-level alteration attacks.
Outcome: The proposed framework provides an approximation of the maximal safe radius with tight bounds . it yields an efficient speed edge and reliable anytime estimation .
Multi-granularity Textual Adversarial Attack with Behavior Cloning (2021.emnlp-main)

Copied to clipboard

Challenge: Existing adversarial attack models are vulnerable to adversarials crafted by human-imperceptible perturbations.
Approach: They propose a multi-granularity adversarial attack model that generates high-quality adversarials with fewer queries to victim models.
Outcome: The proposed model generates high-quality adversarial samples with fewer queries to victim models compared to baseline models . the proposed model also reduces query times for black-box models that only output labels without confidence scores .
Multi-target Backdoor Attacks for Code Pre-trained Models (2023.acl-long)

Copied to clipboard

Challenge: Existing work for backdoor attacks on neural code models insert triggers into task-specific data for code-related downstream tasks, limiting the scope of attacks.
Approach: They propose task-agnostic backdoor attacks for code pre-trained models . they use two learning strategies to implant backdoors into code understanding and generation models - Poisoned Seq2Seq learning and token representation learning .
Outcome: The proposed model is pre-trained with two learning strategies to support the multi-target attack of downstream code understanding and generation tasks.
Word-level Textual Adversarial Attacking as Combinatorial Optimization (2020.acl-main)

Copied to clipboard

Challenge: Existing word-level attack models are far from perfect because of unsuitable search space reduction methods and inefficient optimization algorithms.
Approach: They propose a novel adversarial adversarialist model that incorporates word substitution and particle swarm optimization to solve two problems separately.
Outcome: The proposed model achieves much higher success rates and crafts more high-quality adversarial examples as compared to baseline methods.
NatLogAttack: A Framework for Attacking Natural Language Inference Models with Natural Logic (2023.acl-long)

Copied to clipboard

Challenge: Despite the recent advances in distributed representation and neural networks, it remains an open question whether the models perform real reasoning to reach their conclusions or rely on spurious correlations.
Approach: They propose to use logic formalism to perform systematic attacks centring around natural logic to generate better adversarial examples with fewer visits to the victim models.
Outcome: The proposed framework generates better adversarial examples with fewer visits to the victim models.
A Black-Box Attack on Code Models via Representation Nearest Neighbor Search (2023.findings-emnlp)

Copied to clipboard

Challenge: Existing methods for generating adversarial code examples face challenges such as limted availability of substitute variables and the creation of adversarials with noticeable perturbations.
Approach: They propose a search seed based on historical attacks to find adversarial substitutes . they employ a pre-trained variable name encoder to map the search seed to a continuous vector space .
Outcome: The proposed approach outperforms baseline methods in terms of ASR and QT.
RedCoder: Automated Multi-Turn Red Teaming for Code LLMs (2026.acl-long)

Copied to clipboard

Challenge: Existing red-teaming approaches for code generation rely on extensive human effort and are prone to generating malicious code under adversarial environments.
Approach: They propose a red-teaming agent that engages victim models in multi-turn conversations to elicit vulnerable code.
Outcome: Experiments show that RedCoder outperforms red-teaming methods in inducing vulnerabilities in code generation.
XVD: Cross-Vocabulary Differentiable Training for Generative Adversarial Attacks (2024.lrec-main)

Copied to clipboard

Challenge: Existing approaches to create adversarial examples using tokens are not sufficient to ensure other desirable properties such as similarity to non-adversarial examples, linguistic fluency, and so forth.
Approach: They propose a method which leverages a set of pretrained language models to promote similarity to non-adversarial examples, linguistic fluency, and so forth.
Outcome: The proposed approach outperforms existing methods and is competitive with token-based approaches.

What is GenGO?

GenGO is an NLP powered publication search system. It currenctly indexes 30k+ papers from ACL Anthology, and implements multi-aspect summarization, semantic search, and more!

Information

About
Limitations