Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Preprint |
| Published: |
2024
|
| Subjects: | |
| Online Access: | https://arxiv.org/abs/2407.04179 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1866911945509044224 |
|---|---|
| author | Li, Xinglin He, Xianwen Li, Yao Cheng, Minhao |
| author_facet | Li, Xinglin He, Xianwen Li, Yao Cheng, Minhao |
| contents | Textual backdoor attacks present a substantial security risk to Large Language Models (LLM). It embeds carefully chosen triggers into a victim model at the training stage, and makes the model erroneously predict inputs containing the same triggers as a certain class. Prior backdoor defense methods primarily target special token-based triggers, leaving syntax-based triggers insufficiently addressed. To fill this gap, this paper proposes a novel online defense algorithm that effectively counters syntax-based as well as special token-based backdoor attacks. The algorithm replaces semantically meaningful words in sentences with entirely different ones but preserves the syntactic templates or special tokens, and then compares the predicted labels before and after the substitution to determine whether a sentence contains triggers. Experimental results confirm the algorithm's performance against these two types of triggers, offering a comprehensive defense strategy for model integrity. |
| format | Preprint |
| id |
arxiv_https___arxiv_org_abs_2407_04179 |
| institution | arXiv |
| publishDate | 2024 |
| record_format | arxiv |
| spellingShingle | Defense Against Syntactic Textual Backdoor Attacks with Token Substitution Li, Xinglin He, Xianwen Li, Yao Cheng, Minhao Computation and Language Textual backdoor attacks present a substantial security risk to Large Language Models (LLM). It embeds carefully chosen triggers into a victim model at the training stage, and makes the model erroneously predict inputs containing the same triggers as a certain class. Prior backdoor defense methods primarily target special token-based triggers, leaving syntax-based triggers insufficiently addressed. To fill this gap, this paper proposes a novel online defense algorithm that effectively counters syntax-based as well as special token-based backdoor attacks. The algorithm replaces semantically meaningful words in sentences with entirely different ones but preserves the syntactic templates or special tokens, and then compares the predicted labels before and after the substitution to determine whether a sentence contains triggers. Experimental results confirm the algorithm's performance against these two types of triggers, offering a comprehensive defense strategy for model integrity. |
| title | Defense Against Syntactic Textual Backdoor Attacks with Token Substitution |
| topic | Computation and Language |
| url | https://arxiv.org/abs/2407.04179 |