Saved in:
Bibliographic Details
Main Authors: Li, Xinglin, He, Xianwen, Li, Yao, Cheng, Minhao
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2407.04179
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866911945509044224
author Li, Xinglin
He, Xianwen
Li, Yao
Cheng, Minhao
author_facet Li, Xinglin
He, Xianwen
Li, Yao
Cheng, Minhao
contents Textual backdoor attacks present a substantial security risk to Large Language Models (LLM). It embeds carefully chosen triggers into a victim model at the training stage, and makes the model erroneously predict inputs containing the same triggers as a certain class. Prior backdoor defense methods primarily target special token-based triggers, leaving syntax-based triggers insufficiently addressed. To fill this gap, this paper proposes a novel online defense algorithm that effectively counters syntax-based as well as special token-based backdoor attacks. The algorithm replaces semantically meaningful words in sentences with entirely different ones but preserves the syntactic templates or special tokens, and then compares the predicted labels before and after the substitution to determine whether a sentence contains triggers. Experimental results confirm the algorithm's performance against these two types of triggers, offering a comprehensive defense strategy for model integrity.
format Preprint
id arxiv_https___arxiv_org_abs_2407_04179
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle Defense Against Syntactic Textual Backdoor Attacks with Token Substitution
Li, Xinglin
He, Xianwen
Li, Yao
Cheng, Minhao
Computation and Language
Textual backdoor attacks present a substantial security risk to Large Language Models (LLM). It embeds carefully chosen triggers into a victim model at the training stage, and makes the model erroneously predict inputs containing the same triggers as a certain class. Prior backdoor defense methods primarily target special token-based triggers, leaving syntax-based triggers insufficiently addressed. To fill this gap, this paper proposes a novel online defense algorithm that effectively counters syntax-based as well as special token-based backdoor attacks. The algorithm replaces semantically meaningful words in sentences with entirely different ones but preserves the syntactic templates or special tokens, and then compares the predicted labels before and after the substitution to determine whether a sentence contains triggers. Experimental results confirm the algorithm's performance against these two types of triggers, offering a comprehensive defense strategy for model integrity.
title Defense Against Syntactic Textual Backdoor Attacks with Token Substitution
topic Computation and Language
url https://arxiv.org/abs/2407.04179