Backdoor Attack on Multilingual Machine Translation
This highlights a critical security issue for users and developers of multilingual machine translation systems, particularly in low-resource settings, and is incremental as it identifies a new vulnerability rather than proposing a defense.
The paper tackles the problem of security vulnerabilities in multilingual machine translation systems by demonstrating that backdoor attacks can be executed by injecting poisoned data into low-resource language pairs, achieving an average 20% attack success rate in high-resource languages with less than 0.01% poisoned data.
While multilingual machine translation (MNMT) systems hold substantial promise, they also have security vulnerabilities. Our research highlights that MNMT systems can be susceptible to a particularly devious style of backdoor attack, whereby an attacker injects poisoned data into a low-resource language pair to cause malicious translations in other languages, including high-resource languages. Our experimental results reveal that injecting less than 0.01% poisoned data into a low-resource language pair can achieve an average 20% attack success rate in attacking high-resource language pairs. This type of attack is of particular concern, given the larger attack surface of languages inherent to low-resource settings. Our aim is to bring attention to these vulnerabilities within MNMT systems with the hope of encouraging the community to address security concerns in machine translation, especially in the context of low-resource languages.