@inproceedings{zhang-etal-2025-badwindtunnel,
    title = "{B}ad{W}indtunnel: Defending Backdoor in High-noise Simulated Training with Confidence Variance",
    author = "Zhang, Ruyi  and
      Jian, Songlei  and
      Tan, Yusong  and
      Gao, Heng  and
      Zhou, Haifang  and
      Lu, Kai",
    editor = "Che, Wanxiang  and
      Nabende, Joyce  and
      Shutova, Ekaterina  and
      Pilehvar, Mohammad Taher",
    booktitle = "Findings of the Association for Computational Linguistics: ACL 2025",
    month = jul,
    year = "2025",
    address = "Vienna, Austria",
    publisher = "Association for Computational Linguistics",
    url = "https://preview.aclanthology.org/mtsummit-25-ingestion/2025.findings-acl.482/",
    doi = "10.18653/v1/2025.findings-acl.482",
    pages = "9259--9273",
    ISBN = "979-8-89176-256-5",
    abstract = "Current backdoor attack defenders in Natural Language Processing (NLP) typically involve data reduction or model pruning, risking losing crucial information. To address this challenge, we introduce a novel backdoor defender, i.e., BadWindtunnel, in which we build a high-noise simulated training environment, similar to the wind tunnel, which allows precise control over training conditions to model the backdoor learning behavior without affecting the final model. We also use the confidence variance as a learning behavior quantification metric in the simulated training, which is based on the characteristics of backdoor-poisoned data (shorted in poisoned data): higher learnability and robustness. In addition, we propose a two-step strategy to further model poisoned data, including target label identification and poisoned data revealing. Extensive experiments demonstrate BadWindtunnel{'}s superiority, with a 21{\%} higher average reduction in attack success rate than the second-best defender."
}