Large Language Models Are Better Adversaries: Exploring Generative Clean-Label Backdoor Attacks Against Text Classifiers

Wencong You, Zayd Hammoudeh, Daniel Lowd

Abstract
Backdoor attacks manipulate model predictions by inserting innocuous triggers into training and test data. We focus on more realistic and more challenging clean-label attacks where the adversarial training examples are correctly labeled. Our attack, LLMBkd, leverages language models to automatically insert diverse style-based triggers into texts. We also propose a poison selection technique to improve the effectiveness of both LLMBkd as well as existing textual backdoor attacks. Lastly, we describe REACT, a baseline defense to mitigate backdoor attacks via antidote training examples. Our evaluations demonstrate LLMBkd’s effectiveness and efficiency, where we consistently achieve high attack success rates across a wide range of styles with little effort and no model training.
Anthology ID:
2023.findings-emnlp.833
Volume:
Findings of the Association for Computational Linguistics: EMNLP 2023
Month:
December
Year:
2023
Address:
Singapore
Editors:
Houda Bouamor, Juan Pino, Kalika Bali
Venue:
Findings
SIG:
Publisher:
Association for Computational Linguistics
Note:
Pages:
12499–12527
Language:
URL:
https://preview.aclanthology.org/add-emnlp-2024-awards/2023.findings-emnlp.833/
DOI:
10.18653/v1/2023.findings-emnlp.833
Bibkey:
Cite (ACL):
Wencong You, Zayd Hammoudeh, and Daniel Lowd. 2023. Large Language Models Are Better Adversaries: Exploring Generative Clean-Label Backdoor Attacks Against Text Classifiers. In Findings of the Association for Computational Linguistics: EMNLP 2023, pages 12499–12527, Singapore. Association for Computational Linguistics.
Cite (Informal):
Large Language Models Are Better Adversaries: Exploring Generative Clean-Label Backdoor Attacks Against Text Classifiers (You et al., Findings 2023)
Copy Citation:
PDF:
https://preview.aclanthology.org/add-emnlp-2024-awards/2023.findings-emnlp.833.pdf
PDF Cite Search Fix data