Putting words into the system's mouth: A targeted attack on neural machine translation using monolingual data poisoning
Jun Wang, Chang Xu, Francisco Guzman, Ahmed El-Kishky, Yuqing Tang, Benjamin I. P. Rubinstein, Trevor Cohn

TL;DR
This paper reveals that neural machine translation systems are vulnerable to training-time poisoning attacks using minimal monolingual data, which can induce targeted misinformation, highlighting a critical security blind-spot.
Contribution
The paper introduces a novel poisoning attack on NMT systems using monolingual data, demonstrating its effectiveness with minimal data and proposing a partial defense method.
Findings
Tiny poisoning samples (0.02%) can cause targeted translation manipulation.
Two methods for crafting poisoned examples are effective.
A defense approach can partly mitigate the attack.
Abstract
Neural machine translation systems are known to be vulnerable to adversarial test inputs; however, as we show in this paper, these systems are also vulnerable to training attacks. Specifically, we propose a poisoning attack in which a malicious adversary inserts a small poisoned sample of monolingual text into the training set of a system trained using back-translation. This sample is designed to induce a specific, targeted translation behaviour, such as peddling misinformation. We present two methods for crafting poisoned examples, and show that only a tiny handful of instances, amounting to only 0.02% of the training set, is sufficient to enact a successful attack. We outline a defence method against said attacks, which partly ameliorates the problem. However, we stress that this is a blind-spot in modern NMT, demanding immediate attention.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Topic Modeling · Natural Language Processing Techniques
