Setting the Trap: Capturing and Defeating Backdoors in Pretrained Language Models through Honeypots
This addresses a security vulnerability in NLP systems by providing a defensive strategy against backdoor attacks, though it is incremental as it builds on existing fine-tuning procedures.
The paper tackles the problem of backdoor attacks in pretrained language models during fine-tuning by proposing a honeypot module that absorbs backdoor information, resulting in a substantial reduction in attack success rate by 10% to 40% compared to prior methods.
In the field of natural language processing, the prevalent approach involves fine-tuning pretrained language models (PLMs) using local samples. Recent research has exposed the susceptibility of PLMs to backdoor attacks, wherein the adversaries can embed malicious prediction behaviors by manipulating a few training samples. In this study, our objective is to develop a backdoor-resistant tuning procedure that yields a backdoor-free model, no matter whether the fine-tuning dataset contains poisoned samples. To this end, we propose and integrate a honeypot module into the original PLM, specifically designed to absorb backdoor information exclusively. Our design is motivated by the observation that lower-layer representations in PLMs carry sufficient backdoor features while carrying minimal information about the original tasks. Consequently, we can impose penalties on the information acquired by the honeypot module to inhibit backdoor creation during the fine-tuning process of the stem network. Comprehensive experiments conducted on benchmark datasets substantiate the effectiveness and robustness of our defensive strategy. Notably, these results indicate a substantial reduction in the attack success rate ranging from 10\% to 40\% when compared to prior state-of-the-art methods.