Defending Against Stealthy Backdoor Attacks
This work addresses security vulnerabilities in NLP systems for practitioners, but it is incremental as it builds on existing defense approaches.
The paper tackles the problem of defending against stealthy backdoor attacks in NLP models by proposing defense strategies that reduce attack performance on triggered inputs while preserving normal performance on benign inputs, with results showing significant decreases in attack effectiveness and low runtime overhead.
Defenses against security threats have been an interest of recent studies. Recent works have shown that it is not difficult to attack a natural language processing (NLP) model while defending against them is still a cat-mouse game. Backdoor attacks are one such attack where a neural network is made to perform in a certain way on specific samples containing some triggers while achieving normal results on other samples. In this work, we present a few defense strategies that can be useful to counter against such an attack. We show that our defense methodologies significantly decrease the performance on the attacked inputs while maintaining similar performance on benign inputs. We also show that some of our defenses have very less runtime and also maintain similarity with the original inputs.