He, Xuanli; Wang, Jun; Rubinstein, Benjamin; Cohn, Trevor; (2023) IMBERT: Making BERT Immune to Insertion-based Backdoor Attacks. In: Ovalle, Anaelia and Chang, Kai-Wei and Mehrabi, Ninareh and Pruksachatkun,, Yada and Galystan, Aram and Dhamala, Jwala and Verma, Apurv and Cao, Trista and Kumar, Anoop and Gupta, Rahul, (eds.) Proceedings of the 3rd Workshop on Trustworthy Natural Language Processing (TrustNLP 2023). (pp. pp. 287-301). Association for Computational Linguistics: Toronto, Canada.

Preview

PDF 2023.trustnlp-1.25.pdf - Published Version Download (2MB) | Preview

Abstract

Backdoor attacks are an insidious security threat against machine learning models. Adversaries can manipulate the predictions of compromised models by inserting triggers into the training phase. Various backdoor attacks have been devised which can achieve nearly perfect attack success without affecting model predictions for clean inputs. Means of mitigating such vulnerabilities are underdeveloped, especially in natural language processing. To fill this gap, we introduce IMBERT, which uses either gradients or self-attention scores derived from victim models to self-defend against backdoor attacks at inference time. Our empirical studies demonstrate that IMBERT can effectively identify up to 98.5% of inserted triggers. Thus, it significantly reduces the attack success rate while attaining competitive accuracy on the clean dataset across widespread insertion-based attacks compared to two baselines. Finally, we show that our approach is model-agnostic, and can be easily ported to several pre-trained transformer models.

Download activity - last month

Export as JSONCSVXML

Download activity - last 12 months

Export as JSONCSVXML

Downloads by country - last 12 months

Export as JSONCSVXML

Archive Staff Only

View Item