TL;DR
This paper introduces TFLexAttack, a novel training-free lexical backdoor attack on language models that manipulates tokenizers' embedding dictionaries to stealthily embed triggers, demonstrating effectiveness across multiple NLP tasks and models.
Contribution
It presents the first training-free backdoor attack method on language models by manipulating tokenizer embeddings, enhancing stealthiness and broadening attack applicability.
Findings
Effective across three NLP tasks and nine models.
High stealthiness due to sparse dictionary manipulation.
Demonstrates universality and practicality of the attack.
Abstract
Large-scale language models have achieved tremendous success across various natural language processing (NLP) applications. Nevertheless, language models are vulnerable to backdoor attacks, which inject stealthy triggers into models for steering them to undesirable behaviors. Most existing backdoor attacks, such as data poisoning, require further (re)training or fine-tuning language models to learn the intended backdoor patterns. The additional training process however diminishes the stealthiness of the attacks, as training a language model usually requires long optimization time, a massive amount of data, and considerable modifications to the model parameters. In this work, we propose Training-Free Lexical Backdoor Attack (TFLexAttack) as the first training-free backdoor attack on language models. Our attack is achieved by injecting lexical triggers into the tokenizer of a language…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
