تقرير
Defending against Insertion-based Textual Backdoor Attacks via Attribution
| العنوان: | Defending against Insertion-based Textual Backdoor Attacks via Attribution |
|---|---|
| المؤلفون: | Li, Jiazhao, Wu, Zhuofeng, Ping, Wei, Xiao, Chaowei, Vydiswaran, V. G. Vinod |
| المصدر: | Findings of ACL 2023, July 2023, Page 8818-8833, Toronto, Canada |
| سنة النشر: | 2023 |
| المجموعة: | Computer Science |
| مصطلحات موضوعية: | Computer Science - Computation and Language, Computer Science - Artificial Intelligence, Computer Science - Cryptography and Security, Computer Science - Machine Learning |
| الوصف: | Textual backdoor attack, as a novel attack model, has been shown to be effective in adding a backdoor to the model during training. Defending against such backdoor attacks has become urgent and important. In this paper, we propose AttDef, an efficient attribution-based pipeline to defend against two insertion-based poisoning attacks, BadNL and InSent. Specifically, we regard the tokens with larger attribution scores as potential triggers since larger attribution words contribute more to the false prediction results and therefore are more likely to be poison triggers. Additionally, we further utilize an external pre-trained language model to distinguish whether input is poisoned or not. We show that our proposed method can generalize sufficiently well in two common attack scenarios (poisoning training data and testing data), which consistently improves previous methods. For instance, AttDef can successfully mitigate both attacks with an average accuracy of 79.97% (56.59% up) and 48.34% (3.99% up) under pre-training and post-training attack defense respectively, achieving the new state-of-the-art performance on prediction recovery over four benchmark datasets. Comment: Findings of ACL 2023. Camera-ready version |
| نوع الوثيقة: | Working Paper |
| URL الوصول: | http://arxiv.org/abs/2305.02394 |
| رقم الأكسشن: | edsarx.2305.02394 |
| قاعدة البيانات: | arXiv |
| الوصف غير متاح. |