Saved in:
Bibliographic Details
Main Authors: Hong, Lauren, Wang, Ting
Format: Preprint
Published: 2023
Subjects:
Online Access:https://arxiv.org/abs/2310.00648
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866911818662805504
author Hong, Lauren
Wang, Ting
author_facet Hong, Lauren
Wang, Ting
contents Parameter-efficient fine-tuning (PEFT) enables efficient adaptation of pre-trained language models (PLMs) to specific tasks. By tuning only a minimal set of (extra) parameters, PEFT achieves performance that is comparable to standard fine-tuning. However, despite its prevalent use, the security implications of PEFT remain largely unexplored. In this paper, we take the initial steps and present PETA, a novel trojan attack that compromises the weights of PLMs by accounting for downstream adaptation through bilevel optimization: the upper-level objective embeds the backdoor into a model while the lower-level objective simulates PEFT to both retain the PLM's task-specific performance and ensure that the backdoor persists after fine-tuning. With extensive evaluation across a variety of downstream tasks and trigger designs, we demonstrate PETA's effectiveness in terms of both attack success rate and clean accuracy, even when the attacker does not have full knowledge of the victim user's training process.
format Preprint
id arxiv_https___arxiv_org_abs_2310_00648
institution arXiv
publishDate 2023
record_format arxiv
spellingShingle PETA: Parameter-Efficient Trojan Attacks
Hong, Lauren
Wang, Ting
Computation and Language
Parameter-efficient fine-tuning (PEFT) enables efficient adaptation of pre-trained language models (PLMs) to specific tasks. By tuning only a minimal set of (extra) parameters, PEFT achieves performance that is comparable to standard fine-tuning. However, despite its prevalent use, the security implications of PEFT remain largely unexplored. In this paper, we take the initial steps and present PETA, a novel trojan attack that compromises the weights of PLMs by accounting for downstream adaptation through bilevel optimization: the upper-level objective embeds the backdoor into a model while the lower-level objective simulates PEFT to both retain the PLM's task-specific performance and ensure that the backdoor persists after fine-tuning. With extensive evaluation across a variety of downstream tasks and trigger designs, we demonstrate PETA's effectiveness in terms of both attack success rate and clean accuracy, even when the attacker does not have full knowledge of the victim user's training process.
title PETA: Parameter-Efficient Trojan Attacks
topic Computation and Language
url https://arxiv.org/abs/2310.00648