Efficient Trigger Word Insertion
This addresses security vulnerabilities in deep neural network models for NLP applications, representing an incremental improvement by focusing on poisoning rate efficiency.
The paper tackled the problem of reducing the number of poisoned samples needed for effective text backdoor attacks in NLP, achieving over 90% Attack Success Rate with only 10 poisoned samples in dirty-label settings and requiring just 1.5% of training data in clean-label settings.
With the boom in the natural language processing (NLP) field these years, backdoor attacks pose immense threats against deep neural network models. However, previous works hardly consider the effect of the poisoning rate. In this paper, our main objective is to reduce the number of poisoned samples while still achieving a satisfactory Attack Success Rate (ASR) in text backdoor attacks. To accomplish this, we propose an efficient trigger word insertion strategy in terms of trigger word optimization and poisoned sample selection. Extensive experiments on different datasets and models demonstrate that our proposed method can significantly improve attack effectiveness in text classification tasks. Remarkably, our approach achieves an ASR of over 90% with only 10 poisoned samples in the dirty-label setting and requires merely 1.5% of the training data in the clean-label setting.