Efficient Trigger Word Insertion

With the rapid advancements in the natural language processing (NLP) domain in recent years, the emergence of backdoor attacks presents substantial threats to deep neural network models. However, prior research has often overlooked the influence of the poisoning rate. This paper aims to address this...

Full description

Saved in:
Bibliographic Details
Main Authors: Zeng, Yueqi, Li, Ziqiang, Xia, Pengfei, Liu, Lei, Li, Bin
Format: Conference Proceeding
Language:English
Subjects:
data efficiency
Diversity reception
Indexes
Natural language processing
Optimization
Task analysis
text backdoor attacks
Text categorization
Training data
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:With the rapid advancements in the natural language processing (NLP) domain in recent years, the emergence of backdoor attacks presents substantial threats to deep neural network models. However, prior research has often overlooked the influence of the poisoning rate. This paper aims to address this gap by prioritizing the reduction of poisoned samples while still attaining a comparable Attack Success Rate (ASR) in the context of text backdoor attacks. Our primary focus revolves around introducing an efficient strategy for trigger word insertion, encompassing both trigger word optimization and poisoned sample selection. To achieve our objectives, extensive experiments were conducted across diverse datasets and models, showcasing the significant enhancements brought forth by our proposed methodology in the realm of text classification tasks. Remarkable outcomes include an ASR surpassing 90%, utilizing a mere 10 poisoned samples in the dirty-label setting, and delivering compelling performance with only 1.5% of the training data in the clean-label setting.
ISSN:2771-6902
DOI:10.1109/BigDIA60676.2023.10429630