Claim-Guided Textual Backdoor Attack for Practical Applications

TL;DR

A novel Claim-Guided Backdoor Attack (CGBA), which eliminates the need for input manipulation after model distribution to activate the backdoor by utilizing inherent textual claims as triggers and demonstrates its effectiveness and stealthiness across various datasets and models.

Abstract

Recent advances in natural language processing and the increased use of large language models have exposed new security vulnerabilities, such as backdoor attacks. Previous backdoor attacks require input manipulation after model distribution to activate the backdoor, posing limitations in real-world applicability. Addressing this gap, we introduce a novel Claim-Guided Backdoor Attack (CGBA), which eliminates the need for such manipulations by utilizing inherent textual claims as triggers. CGBA leverages claim extraction, clustering, and targeted training to trick models to misbehave on targeted claims without affecting their performance on clean data. CGBA demonstrates its effectiveness and stealthiness across various datasets and models, significantly enhancing the feasibility of practical backdoor attacks. Our code and data will be available at https://github.com/PaperCGBA/CGBA.

Figures (11)

• Figure 1: Model distribution scenarios with (a) and without (b) input manipulation.
• Figure 2: Overall pipeline of CGBA.
• Figure 3: Illustration of claim extraction procedure.
• Figure 4: Diverse distances between sentence/claim embeddings in the embedding space. $e_{s_{i}}$ represents the embedding of sentence $i$ and $e_{c^{j}_{i}}$ denotes the embedding of $j$-th claim of sentence $i$.
• Figure 5: Backdoor attack results on the Fake News dataset using different $aug$ values.