Detecting Backdoors in Deep Text Classifiers
This addresses a critical security vulnerability in text classification models for users deploying AI systems, though it is incremental as it builds on existing backdoor defense research.
The paper tackles the problem of detecting and identifying backdoor triggers in deep text classifiers compromised by adversarial attacks, presenting a robust defense mechanism that achieves high accuracy against state-of-the-art attacks without requiring prior knowledge or access to training resources.
Deep neural networks are vulnerable to adversarial attacks, such as backdoor attacks in which a malicious adversary compromises a model during training such that specific behaviour can be triggered at test time by attaching a specific word or phrase to an input. This paper considers the problem of diagnosing whether a model has been compromised and if so, identifying the backdoor trigger. We present the first robust defence mechanism that generalizes to several backdoor attacks against text classification models, without prior knowledge of the attack type, nor does our method require access to any (potentially compromised) training resources. Our experiments show that our technique is highly accurate at defending against state-of-the-art backdoor attacks, including data poisoning and weight poisoning, across a range of text classification tasks and model architectures. Our code will be made publicly available upon acceptance.