Putting words into the system's mouth: A targeted attack on neural machine translation using monolingual data poisoning
This reveals a critical security blind-spot in modern neural machine translation systems, posing risks for users relying on accurate translations, though it is incremental as it builds on known adversarial vulnerabilities.
The paper tackles the vulnerability of neural machine translation systems to training attacks by inserting a small poisoned sample of monolingual text into the training set, showing that only 0.02% of the training data is sufficient to induce targeted translation behaviors like misinformation.
Neural machine translation systems are known to be vulnerable to adversarial test inputs, however, as we show in this paper, these systems are also vulnerable to training attacks. Specifically, we propose a poisoning attack in which a malicious adversary inserts a small poisoned sample of monolingual text into the training set of a system trained using back-translation. This sample is designed to induce a specific, targeted translation behaviour, such as peddling misinformation. We present two methods for crafting poisoned examples, and show that only a tiny handful of instances, amounting to only 0.02% of the training set, is sufficient to enact a successful attack. We outline a defence method against said attacks, which partly ameliorates the problem. However, we stress that this is a blind-spot in modern NMT, demanding immediate attention.