Turn the Combination Lock: Learnable Textual Backdoor Attacks via Word Substitution

Add code
Jun 11, 2021
Fanchao Qi, Yuan Yao, Sophia Xu, Zhiyuan Liu, Maosong Sun
Figure 1 for Turn the Combination Lock: Learnable Textual Backdoor Attacks via Word Substitution
Figure 2 for Turn the Combination Lock: Learnable Textual Backdoor Attacks via Word Substitution
Figure 3 for Turn the Combination Lock: Learnable Textual Backdoor Attacks via Word Substitution
Figure 4 for Turn the Combination Lock: Learnable Textual Backdoor Attacks via Word Substitution

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon

Recent studies show that neural natural language processing (NLP) models are vulnerable to backdoor attacks. Injected with backdoors, models perform normally on benign examples but produce attacker-specified predictions when the backdoor is activated, presenting serious security threats to real-world applications. Since existing textual backdoor attacks pay little attention to the invisibility of backdoors, they can be easily detected and blocked. In this work, we present invisible backdoors that are activated by a learnable combination of word substitution. We show that NLP models can be injected with backdoors that lead to a nearly 100% attack success rate, whereas being highly invisible to existing defense strategies and even human inspections. The results raise a serious alarm to the security of NLP models, which requires further research to be resolved. All the data and code of this paper are released at https://github.com/thunlp/BkdAtk-LWS.

* Accepted by the main conference of ACL-IJCNLP as a long paper. Camera-ready version  
View paper onarxiv icon

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon