Two Heads are Better than One: Nested PoE for Robust Defense Against Multi-Backdoors

Victoria Graf, Qin Liu, Muhao Chen

Abstract
Data poisoning backdoor attacks can cause undesirable behaviors in large language models (LLMs), and defending against them is of increasing importance. Existing defense mechanisms often assume that only one type of trigger is adopted by the attacker, while defending against multiple simultaneous and independent trigger types necessitates general defense frameworks and is relatively unexplored. In this paper, we propose Nested Product of Experts (NPoE) defense framework, which involves a mixture of experts (MoE) as a trigger-only ensemble within the PoE defense framework to simultaneously defend against multiple trigger types. During NPoE training, the main modelis trained in an ensemble with a mixture of smaller expert models that learn the features of backdoor triggers. At inference time, only the main model is used. Experimental results on sentiment analysis, hate speech detection, and question classification tasks demonstrate that NPoE effectively defends against a variety of triggers both separately and in trigger mixtures. Due to the versatility of the MoE structure in NPoE, this framework can be further expanded to defend against other attack settings.
Anthology ID:
2024.naacl-long.40
Volume:
Proceedings of the 2024 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies (Volume 1: Long Papers)
Month:
June
Year:
2024
Address:
Mexico City, Mexico
Editors:
Kevin Duh, Helena Gomez, Steven Bethard
Venue:
NAACL
SIG:
Publisher:
Association for Computational Linguistics
Note:
Pages:
706–718
Language:
URL:
https://aclanthology.org/2024.naacl-long.40
DOI:
10.18653/v1/2024.naacl-long.40
Bibkey:
Cite (ACL):
Victoria Graf, Qin Liu, and Muhao Chen. 2024. Two Heads are Better than One: Nested PoE for Robust Defense Against Multi-Backdoors. In Proceedings of the 2024 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies (Volume 1: Long Papers), pages 706–718, Mexico City, Mexico. Association for Computational Linguistics.
Cite (Informal):
Two Heads are Better than One: Nested PoE for Robust Defense Against Multi-Backdoors (Graf et al., NAACL 2024)
Copy Citation:
PDF:
https://preview.aclanthology.org/nschneid-patch-4/2024.naacl-long.40.pdf
PDF Search