Haibin Ling
2024
Task-Agnostic Detector for Insertion-Based Backdoor Attacks
Weimin Lyu
|
Xiao Lin
|
Songzhu Zheng
|
Lu Pang
|
Haibin Ling
|
Susmit Jha
|
Chao Chen
Findings of the Association for Computational Linguistics: NAACL 2024
Textual backdoor attacks pose significant security threats. Current detection approaches, typically relying on intermediate feature representation or reconstructing potential triggers, are task-specific and less effective beyond sentence classification, struggling with tasks like question answering and named entity recognition. We introduce TABDet (Task-Agnostic Backdoor Detector), a pioneering task-agnostic method for backdoor detection. TABDet leverages final layer logits combined with an efficient pooling technique, enabling unified logit representation across three prominent NLP tasks. TABDet can jointly learn from diverse task-specific models, demonstrating superior detection efficacy over traditional task-specific methods.
2023
Attention-Enhancing Backdoor Attacks Against BERT-based Models
Weimin Lyu
|
Songzhu Zheng
|
Lu Pang
|
Haibin Ling
|
Chao Chen
Findings of the Association for Computational Linguistics: EMNLP 2023
Recent studies have revealed that Backdoor Attacks can threaten the safety of natural language processing (NLP) models. Investigating the strategies of backdoor attacks will help to understand the model’s vulnerability. Most existing textual backdoor attacks focus on generating stealthy triggers or modifying model weights. In this paper, we directly target the interior structure of neural networks and the backdoor mechanism. We propose a novel Trojan Attention Loss (TAL), which enhances the Trojan behavior by directly manipulating the attention patterns. Our loss can be applied to different attacking methods to boost their attack efficacy in terms of attack successful rates and poisoning rates. It applies to not only traditional dirty-label attacks, but also the more challenging clean-label attacks. We validate our method on different backbone models (BERT, RoBERTa, and DistilBERT) and various tasks (Sentiment Analysis, Toxic Detection, and Topic Classification).
Search
Fix data
Co-authors
- Chao Chen 2
- Weimin Lyu 2
- Lu Pang 2
- Songzhu Zheng 2
- Susmit Jha 1
- show all...
- Xiao Lin 1