@inproceedings{chan-etal-2020-poison,
title = "Poison Attacks against Text Datasets with Conditional Adversarially Regularized Autoencoder",
author = "Chan, Alvin and
Tay, Yi and
Ong, Yew-Soon and
Zhang, Aston",
editor = "Cohn, Trevor and
He, Yulan and
Liu, Yang",
booktitle = "Findings of the Association for Computational Linguistics: EMNLP 2020",
month = nov,
year = "2020",
address = "Online",
publisher = "Association for Computational Linguistics",
url = "https://aclanthology.org/2020.findings-emnlp.373",
doi = "10.18653/v1/2020.findings-emnlp.373",
pages = "4175--4189",
abstract = "This paper demonstrates a fatal vulnerability in natural language inference (NLI) and text classification systems. More concretely, we present a {`}backdoor poisoning{'} attack on NLP models. Our poisoning attack utilizes a conditional adversarially regularized autoencoder (CARA) to generate poisoned training samples by injecting the poison in latent space. Just by adding 1{\%} poisoned data, our experiments show that a victim fine-tuned BERT classifier{'}s predictions can be steered to the poison target class with success rates of $>80\%$ when the input hypothesis is injected with the poison signature, demonstrating that NLI and text classification systems face a huge security risk.",
}
<?xml version="1.0" encoding="UTF-8"?>
<modsCollection xmlns="http://www.loc.gov/mods/v3">
<mods ID="chan-etal-2020-poison">
<titleInfo>
<title>Poison Attacks against Text Datasets with Conditional Adversarially Regularized Autoencoder</title>
</titleInfo>
<name type="personal">
<namePart type="given">Alvin</namePart>
<namePart type="family">Chan</namePart>
<role>
<roleTerm authority="marcrelator" type="text">author</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Yi</namePart>
<namePart type="family">Tay</namePart>
<role>
<roleTerm authority="marcrelator" type="text">author</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Yew-Soon</namePart>
<namePart type="family">Ong</namePart>
<role>
<roleTerm authority="marcrelator" type="text">author</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Aston</namePart>
<namePart type="family">Zhang</namePart>
<role>
<roleTerm authority="marcrelator" type="text">author</roleTerm>
</role>
</name>
<originInfo>
<dateIssued>2020-11</dateIssued>
</originInfo>
<typeOfResource>text</typeOfResource>
<relatedItem type="host">
<titleInfo>
<title>Findings of the Association for Computational Linguistics: EMNLP 2020</title>
</titleInfo>
<name type="personal">
<namePart type="given">Trevor</namePart>
<namePart type="family">Cohn</namePart>
<role>
<roleTerm authority="marcrelator" type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Yulan</namePart>
<namePart type="family">He</namePart>
<role>
<roleTerm authority="marcrelator" type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Yang</namePart>
<namePart type="family">Liu</namePart>
<role>
<roleTerm authority="marcrelator" type="text">editor</roleTerm>
</role>
</name>
<originInfo>
<publisher>Association for Computational Linguistics</publisher>
<place>
<placeTerm type="text">Online</placeTerm>
</place>
</originInfo>
<genre authority="marcgt">conference publication</genre>
</relatedItem>
<abstract>This paper demonstrates a fatal vulnerability in natural language inference (NLI) and text classification systems. More concretely, we present a ‘backdoor poisoning’ attack on NLP models. Our poisoning attack utilizes a conditional adversarially regularized autoencoder (CARA) to generate poisoned training samples by injecting the poison in latent space. Just by adding 1% poisoned data, our experiments show that a victim fine-tuned BERT classifier’s predictions can be steered to the poison target class with success rates of >80% when the input hypothesis is injected with the poison signature, demonstrating that NLI and text classification systems face a huge security risk.</abstract>
<identifier type="citekey">chan-etal-2020-poison</identifier>
<identifier type="doi">10.18653/v1/2020.findings-emnlp.373</identifier>
<location>
<url>https://aclanthology.org/2020.findings-emnlp.373</url>
</location>
<part>
<date>2020-11</date>
<extent unit="page">
<start>4175</start>
<end>4189</end>
</extent>
</part>
</mods>
</modsCollection>
%0 Conference Proceedings
%T Poison Attacks against Text Datasets with Conditional Adversarially Regularized Autoencoder
%A Chan, Alvin
%A Tay, Yi
%A Ong, Yew-Soon
%A Zhang, Aston
%Y Cohn, Trevor
%Y He, Yulan
%Y Liu, Yang
%S Findings of the Association for Computational Linguistics: EMNLP 2020
%D 2020
%8 November
%I Association for Computational Linguistics
%C Online
%F chan-etal-2020-poison
%X This paper demonstrates a fatal vulnerability in natural language inference (NLI) and text classification systems. More concretely, we present a ‘backdoor poisoning’ attack on NLP models. Our poisoning attack utilizes a conditional adversarially regularized autoencoder (CARA) to generate poisoned training samples by injecting the poison in latent space. Just by adding 1% poisoned data, our experiments show that a victim fine-tuned BERT classifier’s predictions can be steered to the poison target class with success rates of >80% when the input hypothesis is injected with the poison signature, demonstrating that NLI and text classification systems face a huge security risk.
%R 10.18653/v1/2020.findings-emnlp.373
%U https://aclanthology.org/2020.findings-emnlp.373
%U https://doi.org/10.18653/v1/2020.findings-emnlp.373
%P 4175-4189
[Poison Attacks against Text Datasets with Conditional Adversarially Regularized Autoencoder](https://aclanthology.org/2020.findings-emnlp.373) (Chan et al., Findings 2020)