Pass off Fish Eyes for Pearls: Attacking Model Selection of Pre-trained Models

Biru Zhu, Yujia Qin, Fanchao Qi, Yangdong Deng, Zhiyuan Liu, Maosong Sun, Ming Gu


Abstract
Selecting an appropriate pre-trained model (PTM) for a specific downstream task typically requires significant fine-tuning effort. To accelerate this process, researchers have proposed feature-based model selection (FMS) methods, which assess PTMs’ transferability to a specific task efficiently, without fine-tuning. In this work, we argue that current FMS methods are vulnerable because their assessment relies mainly on static features extracted from PTMs. Since such features are derived without training the PTMs on the downstream task, they are not necessarily reliable indicators of a PTM’s transferability. To validate this claim, we design two methods for evaluating the robustness of FMS: (1) a model disguise attack, which post-trains an inferior PTM with a contrastive objective, and (2) evaluation data selection, which uses K-means clustering to select a subset of data points for FMS evaluation. Experimental results show that both methods can make FMS misjudge the transferability of PTMs. Moreover, we find that these two methods can be combined with a backdoor attack to mislead FMS into selecting poisoned models. To the best of our knowledge, this is the first work to demonstrate the defects of current FMS algorithms and evaluate their potential security risks. By identifying previously unseen risks of FMS, our study points to new directions for improving the robustness of FMS.
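The evaluation data selection idea described in the abstract can be sketched as follows: cluster the feature vectors of downstream examples with K-means and keep only the examples nearest each centroid, so that FMS is scored on a curated subset rather than the full evaluation set. This is a minimal illustrative sketch, not the authors' exact procedure; the function name, the one-point-per-cluster rule, and all parameters are assumptions.

```python
import numpy as np

def select_eval_subset(features, k=3, n_iter=10, seed=0):
    """Pick one representative example per K-means cluster.

    Hypothetical sketch of K-means-based evaluation data selection:
    `features` is an (n, d) array of feature vectors for the downstream
    examples; the function returns the indices of the examples closest
    to each of the k cluster centroids.
    """
    rng = np.random.default_rng(seed)
    # Initialise centroids with k randomly chosen examples.
    centroids = features[rng.choice(len(features), size=k, replace=False)]
    for _ in range(n_iter):
        # Assign each example to its nearest centroid.
        dists = np.linalg.norm(features[:, None] - centroids[None], axis=-1)
        labels = dists.argmin(axis=1)
        # Recompute each centroid as the mean of its cluster.
        for j in range(k):
            if np.any(labels == j):
                centroids[j] = features[labels == j].mean(axis=0)
    # Keep the single example closest to each centroid.
    dists = np.linalg.norm(features[:, None] - centroids[None], axis=-1)
    return sorted(set(int(i) for i in dists.argmin(axis=0)))
```

An attacker-controlled variant would choose the subset to bias the FMS score toward a target model; the clustering step above only shows the selection mechanics.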
Anthology ID:
2022.acl-long.347
Original:
2022.acl-long.347v1
Version 2:
2022.acl-long.347v2
Volume:
Proceedings of the 60th Annual Meeting of the Association for Computational Linguistics (Volume 1: Long Papers)
Month:
May
Year:
2022
Address:
Dublin, Ireland
Editors:
Smaranda Muresan, Preslav Nakov, Aline Villavicencio
Venue:
ACL
Publisher:
Association for Computational Linguistics
Pages:
5060–5072
URL:
https://aclanthology.org/2022.acl-long.347
DOI:
10.18653/v1/2022.acl-long.347
Cite (ACL):
Biru Zhu, Yujia Qin, Fanchao Qi, Yangdong Deng, Zhiyuan Liu, Maosong Sun, and Ming Gu. 2022. Pass off Fish Eyes for Pearls: Attacking Model Selection of Pre-trained Models. In Proceedings of the 60th Annual Meeting of the Association for Computational Linguistics (Volume 1: Long Papers), pages 5060–5072, Dublin, Ireland. Association for Computational Linguistics.
Cite (Informal):
Pass off Fish Eyes for Pearls: Attacking Model Selection of Pre-trained Models (Zhu et al., ACL 2022)
PDF:
https://preview.aclanthology.org/naacl24-info/2022.acl-long.347.pdf
Software:
 2022.acl-long.347.software.zip
Code:
thunlp/model-selection-attack
Data:
GLUE, IMDb Movie Reviews, OLID, QNLI, SST, SST-2