Proceedings of the 59th Annual Meeting of the Association for Computational Linguistics and the 11th International Joint Confer 2021
DOI: 10.18653/v1/2021.acl-long.37

Hidden Killer: Invisible Textual Backdoor Attacks with Syntactic Trigger

Abstract: Backdoor attacks are a kind of insidious security threat against machine learning models. After being injected with a backdoor in training, the victim model will produce adversary-specified outputs on the inputs embedded with predesigned triggers but behave properly on normal inputs during inference. As a sort of emergent attack, backdoor attacks in natural language processing (NLP) are investigated insufficiently. As far as we know, almost all existing textual backdoor attack methods insert additional contents…

Cited by 63 publications
(63 citation statements)
References 34 publications
“…Umass, on the other hand, uses synthetic question-answer pairs generated by using unsupervised cloze translation [27]. The current SOTA method on BioASQ-7b and 8b, BioQAExternalFeatures uses externally extracted syntactic and lexical features of the questions and contexts along with the labels [56], possibly exposing to different adversarial attacks that may leverage syntactic and lexical knowledge-base from the dataset [41]. As the best performance in the BioASQ-9b, we calculate the best SAcc, LAcc, and MRR scores depending on the top scores in the BioASQ-9b leaderboard.…”
Section: Methods Comparison (mentioning)
confidence: 99%
“…Most backdoor triggers are fixed words [11,15,33,38,44] or sentences [6]. To make triggers invisible, some attackers design syntactic [26] or style [25] triggers, where backdoors activate when input texts are of certain syntax or style. Besides, to avoid false activation, SOS [40] and LWP [17] adopt word combinations as triggers.…”
Section: Attack (mentioning)
confidence: 99%
“…On the attack side, various textual backdoor attack models have been proposed. As shown in Figure 1, they generate poisoned samples by inserting words [11,15], adding sentences [6], changing syntactic structure [26] or text style [25]. Textual backdoor attacks have achieved near 100% attack success rate (ASR) with little drop in clean accuracy (CACC).…”
Section: Introduction (mentioning)
confidence: 99%
“…Additionally, a parallel work (Qi et al., 2021) proposes to use the syntactic structure as the trigger in textual backdoor attacks, which also has high invisibility. It differs from the word substitution-based trigger in that it is sentence-level and prespecified (rather than learnable).…”
Section: Related Work (mentioning)
confidence: 99%