BadLLM-TG: A Backdoor Defender powered by LLM Trigger Generator

TL;DR

This paper introduces BadLLM-TG, a novel backdoor defense method for NLP that uses large language models to generate triggers for identifying and mitigating backdoor attacks, significantly reducing attack success rates.

Contribution

It presents a new trigger generation approach leveraging LLMs and reinforcement learning, overcoming discrete text challenges for backdoor defense in NLP.

Findings

Reduces attack success rate by 76.2% on average

Outperforms existing defenders by 13.7%

Effective in identifying and mitigating backdoor triggers

Abstract

Backdoor attacks compromise model reliability by using triggers to manipulate outputs. Trigger inversion can accurately locate these triggers via a generator and is therefore critical for backdoor defense. However, the discrete nature of text prevents existing noise-based trigger generator from being applied to nature language processing (NLP). To overcome the limitations, we employ the rich knowledge embedded in large language models (LLMs) and propose a Backdoor defender powered by LLM Trigger Generator, termed BadLLM-TG. It is optimized through prompt-driven reinforcement learning, using the victim model's feedback loss as the reward signal. The generated triggers are then employed to mitigate the backdoor via adversarial training. Experiments show that our method reduces the attack success rate by 76.2\% on average, outperforming the second-best defender by 13.7.