NCL: Textual Backdoor Defense Using Noise-augmented Contrastive Learning
This addresses a security vulnerability in text-based AI systems, offering a novel defense method for scenarios with untrustworthy training data.
The paper tackles the problem of defending against textual backdoor attacks in deep learning models by proposing a Noise-augmented Contrastive Learning (NCL) framework, which outperforms prior works in defending three types of attacks.
At present, backdoor attacks attract attention as they do great harm to deep learning models. The adversary poisons the training data making the model being injected with a backdoor after being trained unconsciously by victims using the poisoned dataset. In the field of text, however, existing works do not provide sufficient defense against backdoor attacks. In this paper, we propose a Noise-augmented Contrastive Learning (NCL) framework to defend against textual backdoor attacks when training models with untrustworthy data. With the aim of mitigating the mapping between triggers and the target label, we add appropriate noise perturbing possible backdoor triggers, augment the training dataset, and then pull homology samples in the feature space utilizing contrastive learning objective. Experiments demonstrate the effectiveness of our method in defending three types of textual backdoor attacks, outperforming the prior works.