MSDT: Masked Language Model Scoring Defense in Text Domain

TL;DR

This paper introduces MSDT, a novel defense method against textual backdoor attacks in NLP models, demonstrating superior performance over existing defenses on specific datasets.

Contribution

The paper proposes MSDT, an improved textual backdoor defense technique that outperforms current algorithms in defending NLP models against backdoor attacks.

Findings

MSDT effectively detects and mitigates backdoor triggers in text models.

Experimental results show MSDT outperforms existing defenses on certain datasets.

The method enhances the security of NLP models against malicious backdoor attacks.

Abstract

Pre-trained language models allowed us to process downstream tasks with the help of fine-tuning, which aids the model to achieve fairly high accuracy in various Natural Language Processing (NLP) tasks. Such easily-downloaded language models from various websites empowered the public users as well as some major institutions to give a momentum to their real-life application. However, it was recently proven that models become extremely vulnerable when they are backdoor attacked with trigger-inserted poisoned datasets by malicious users. The attackers then redistribute the victim models to the public to attract other users to use them, where the models tend to misclassify when certain triggers are detected within the training sample. In this paper, we will introduce a novel improved textual backdoor defense method, named MSDT, that outperforms the current existing defensive algorithms in specific datasets. The experimental results illustrate that our method can be effective and constructive in terms of defending against backdoor attack in text domain. Code is available at https://github.com/jcroh0508/MSDT.