Detecting Backdoors in Deep Text Classifiers
You Guo, Jun Wang, Trevor Cohn
TL;DR
This paper introduces a robust, attack-agnostic method for detecting backdoors in deep text classifiers, effectively identifying model compromises without prior attack knowledge or training data access.
Contribution
It presents the first defense mechanism that generalizes to various backdoor attacks in text models without needing prior attack details or training resources.
Findings
High accuracy in detecting state-of-the-art backdoor attacks
Effective across multiple text classification tasks
Works with different model architectures
Abstract
Deep neural networks are vulnerable to adversarial attacks, such as backdoor attacks in which a malicious adversary compromises a model during training such that specific behaviour can be triggered at test time by attaching a specific word or phrase to an input. This paper considers the problem of diagnosing whether a model has been compromised and if so, identifying the backdoor trigger. We present the first robust defence mechanism that generalizes to several backdoor attacks against text classification models, without prior knowledge of the attack type, nor does our method require access to any (potentially compromised) training resources. Our experiments show that our technique is highly accurate at defending against state-of-the-art backdoor attacks, including data poisoning and weight poisoning, across a range of text classification tasks and model architectures. Our code will be…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications · Advanced Malware Detection Techniques
MethodsTest