Salvato in:
Dettagli Bibliografici
Autori principali: Alekseevskaia, Irina, Arkhipenko, Konstantin
Natura: Preprint
Pubblicazione: 2024
Soggetti:
Accesso online:https://arxiv.org/abs/2402.07689
Tags: Aggiungi Tag
Nessun Tag, puoi essere il primo ad aggiungerne!!
_version_ 1866910401315209216
author Alekseevskaia, Irina
Arkhipenko, Konstantin
author_facet Alekseevskaia, Irina
Arkhipenko, Konstantin
contents The use of third-party datasets and pre-trained machine learning models poses a threat to NLP systems due to possibility of hidden backdoor attacks. Existing attacks involve poisoning the data samples such as insertion of tokens or sentence paraphrasing, which either alter the semantics of the original texts or can be detected. Our main difference from the previous work is that we use the reposition of a two words in a sentence as a trigger. By designing and applying specific part-of-speech (POS) based rules for selecting these tokens, we maintain high attack success rate on SST-2 and AG classification datasets while outperforming existing attacks in terms of perplexity and semantic similarity to the clean samples. In addition, we show the robustness of our attack to the ONION defense method. All the code and data for the paper can be obtained at https://github.com/alekseevskaia/OrderBkd.
format Preprint
id arxiv_https___arxiv_org_abs_2402_07689
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle OrderBkd: Textual backdoor attack through repositioning
Alekseevskaia, Irina
Arkhipenko, Konstantin
Computation and Language
Artificial Intelligence
The use of third-party datasets and pre-trained machine learning models poses a threat to NLP systems due to possibility of hidden backdoor attacks. Existing attacks involve poisoning the data samples such as insertion of tokens or sentence paraphrasing, which either alter the semantics of the original texts or can be detected. Our main difference from the previous work is that we use the reposition of a two words in a sentence as a trigger. By designing and applying specific part-of-speech (POS) based rules for selecting these tokens, we maintain high attack success rate on SST-2 and AG classification datasets while outperforming existing attacks in terms of perplexity and semantic similarity to the clean samples. In addition, we show the robustness of our attack to the ONION defense method. All the code and data for the paper can be obtained at https://github.com/alekseevskaia/OrderBkd.
title OrderBkd: Textual backdoor attack through repositioning
topic Computation and Language
Artificial Intelligence
url https://arxiv.org/abs/2402.07689