CBAs: Character-level Backdoor Attacks against Chinese Language Models
Abstract: The language models (LMs) aim to assist computers in various domains to provide natural and efficient language interaction and text processing capabilities. However, recent studies have shown that LMs are highly vulnerable to malicious backdoor attacks, where triggers could be injected into the models to guide them to exhibit the expected behavior of the attackers. Unfortunately, existing researches on backdoor attacks have mainly focused on English LMs, but paid less attention to the Chinese LMs. Moreover, these extant backdoor attacks don’t work well against Chinese LMs. In this paper, we disclose the limitations of English backdoor attacks against Chinese LMs, and propose the character-level backdoor attacks (CBAs) against the Chinese LMs. Specifically, we first design three Chinese trigger generation strategies to ensure the backdoor being effectively triggered while improving the effectiveness of the backdoor attacks. Then, based on the attacker's capabilities of accessing the training dataset, we develop trigger injection mechanisms with either the target label similarity or the masked language model, which select the most influential position and insert the trigger to maximize the stealth of backdoor attacks. Extensive experiments on three major NLP tasks on four LMs demonstrate the effectiveness and stealthiness of our method.
Paper Type: long
Research Area: Ethics, Bias, and Fairness
Contribution Types: Model analysis & interpretability, NLP engineering experiment
Languages Studied: Chinese
0 Replies
Loading