Maximum Entropy Loss, the Silver Bullet Targeting Backdoor Attacks in Pre-trained Language Models

被引：0

作者：

Liu, Zhengxiao ^{[1
,2
]}

Shen, Bowen ^{[1
,2
]}

Lin, Zheng ^{[1
,2
]}

Wang, Fali ^{[3
]}

Wang, Weiping ^{[1
]}

机构：

[1] Chinese Acad Sci, Inst Informat Engn, Beijing, Peoples R China

[2] Univ Chinese Acad Sci, Sch Cyber Secur, Beijing, Peoples R China

[3] Penn State Univ, State Coll, PA USA

来源：

FINDINGS OF THE ASSOCIATION FOR COMPUTATIONAL LINGUISTICS, ACL 2023 | 2023年

基金：

中国国家自然科学基金;

关键词：

D O I：

暂无

中图分类号：

TP18 [人工智能理论];

学科分类号：

081104 ; 0812 ; 0835 ; 1405 ;

摘要：

Pre-trained language model (PLM) can be stealthily misled to target outputs by backdoor attacks when encountering poisoned samples, without performance degradation on clean samples. The stealthiness of backdoor attacks is commonly attained through minimal cross-entropy loss fine-tuning on a union of poisoned and clean samples. Existing defense paradigms provide a workaround by detecting and removing poisoned samples at pre-training or inference time. On the contrary, we provide a new perspective where the backdoor attack is directly reversed. Specifically, maximum entropy loss is incorporated in training to neutralize the minimal cross-entropy loss fine-tuning on poisoned data. We defend against a range of backdoor attacks on classification tasks and significantly lower the attack success rate. In extension, we explore the relationship between intended backdoor attacks and unintended dataset bias, and demonstrate the feasibility of the maximum entropy principle in de-biasing.

引用

页码：3850 / 3868

页数：19

共 50 条

[1] UOR: Universal Backdoor Attacks on Pre-trained Language Models
Du, Wei
Li, Peixuan
Zhao, Haodong
Ju, Tianjie
Ren, Ge
Liu, Gongshen
FINDINGS OF THE ASSOCIATION FOR COMPUTATIONAL LINGUISTICS: ACL 2024, 2024, : 7865 - 7877
[2] Aliasing Backdoor Attacks on Pre-trained Models
Wei, Cheng'an
Lee, Yeonjoon
Chen, Kai
Meng, Guozhu
Lv, Peizhuo
PROCEEDINGS OF THE 32ND USENIX SECURITY SYMPOSIUM, 2023, : 2707 - 2724
[3] Backdoor Attacks on Pre-trained Models by Layerwise Weight Poisoning
Li, Linyang
Song, Demin
Li, Xiaonan
Zeng, Jiehang
Ma, Ruotian
Qiu, Xipeng
2021 CONFERENCE ON EMPIRICAL METHODS IN NATURAL LANGUAGE PROCESSING (EMNLP 2021), 2021, : 3023 - 3032
[4] CBAs: Character-level Backdoor Attacks against Chinese Pre-trained Language Models
He, Xinyu
Hao, Fengrui
Gu, Tianlong
Chang, Liang
ACM TRANSACTIONS ON PRIVACY AND SECURITY, 2024, 27 (03)
[5] Defending Pre-trained Language Models as Few-shot Learners against Backdoor Attacks
Xi, Zhaohan
Du, Tianyu
Li, Changjiang
Pang, Ren
Ji, Shouling
Chen, Jinghui
Ma, Fenglong
Wang, Ting
ADVANCES IN NEURAL INFORMATION PROCESSING SYSTEMS 36 (NEURIPS 2023), 2023,
[6] Multi-target Backdoor Attacks for Code Pre-trained Models
Li, Yanzhou
Liu, Shangqing
Chen, Kangjie
Xie, Xiaofei
Zhang, Tianwei
Liu, Yang
PROCEEDINGS OF THE 61ST ANNUAL MEETING OF THE ASSOCIATION FOR COMPUTATIONAL LINGUISTICS, ACL 2023, VOL 1, 2023, : 7236 - 7254
[7] PPT: Backdoor Attacks on Pre-trained Models via Poisoned Prompt Tuning
Du, Wei
Zhao, Yichun
Li, Boqun
Liu, Gongshen
Wang, Shilin
PROCEEDINGS OF THE THIRTY-FIRST INTERNATIONAL JOINT CONFERENCE ON ARTIFICIAL INTELLIGENCE, IJCAI 2022, 2022, : 680 - 686
[8] Backdoor Attacks Against Transfer Learning With Pre-Trained Deep Learning Models
Wang, Shuo
Nepal, Surya
Rudolph, Carsten
Grobler, Marthie
Chen, Shangyu
Chen, Tianle
IEEE TRANSACTIONS ON SERVICES COMPUTING, 2022, 15 (03) : 1526 - 1539
[9] Moderate-fitting as a Natural Backdoor Defender for Pre-trained Language Models
Zhu, Biru
Qin, Yujia
Cui, Ganqu
Chen, Yangyi
Zhao, Weilin
Fu, Chong
Deng, Yangdong
Liu, Zhiyuan
Wang, Jingang
Wu, Wei
Sun, Maosong
Gu, Ming
ADVANCES IN NEURAL INFORMATION PROCESSING SYSTEMS 35 (NEURIPS 2022), 2022,
[10] Unveiling potential threats: backdoor attacks in single-cell pre-trained models
Feng, Sicheng
Li, Siyu
Chen, Luonan
Chen, Shengquan
CELL DISCOVERY, 2024, 10 (01)

← 1 2 3 4 5 →