CISPA
Browse
2023.acl-long.867.pdf (426.07 kB)

NOTABLE: Transferable Backdoor Attacks Against Prompt-based NLP Models

Download (426.07 kB)
conference contribution
posted on 2024-02-09, 09:22 authored by Kai Mei, Zheng Li, Zhenting Wang, yang Zhang, Shiqing Ma
Prompt-based learning is vulnerable to backdoor attacks. Existing backdoor attacks against prompt-based models consider injecting backdoors into the entire embedding layers or word embedding vectors. Such attacks can be easily affected by retraining on downstream tasks and with different prompting strategies, limiting the transferability of backdoor attacks. In this work, we propose transferable backdoor attacks against prompt-based models, called NOTABLE, which is independent of downstream tasks and prompting strategies. Specifically, NOTABLE injects backdoors into the encoders of PLMs by utilizing an adaptive verbalizer to bind triggers to specific words (i.e., anchors). It activates the backdoor by pasting input with triggers to reach adversary-desired anchors, achieving independence from downstream tasks and prompting strategies. We conduct experiments on six NLP tasks, three popular models, and three prompting strategies. Empirical results show that NOTABLE achieves superior attack performance (i.e., attack success rate over 90% on all the datasets), and outperforms two state-of-the-art baselines. Evaluations on three defenses show the robustness of NOTABLE. Our code can be found at this https URL: https://github.com/RU-System-Software-and-Security/Notable

History

Primary Research Area

  • Trustworthy Information Processing

Name of Conference

ACL

Journal

Annual Meeting of the Association for Computational Linguistics (ACL)

Page Range

15551-15565

Publisher

ACL

BibTeX

@conference{Mei:Li:Wang:Zhang:Ma:2023, title = "NOTABLE: Transferable Backdoor Attacks Against Prompt-based NLP Models", author = "Mei, Kai" AND "Li, Zheng" AND "Wang, Zhenting" AND "Zhang, yang" AND "Ma, Shiqing", year = 2023, month = 7, journal = "Annual Meeting of the Association for Computational Linguistics (ACL)", pages = "15551--15565", publisher = "ACL" }

Usage metrics

    Categories

    No categories selected

    Licence

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC