Poison Attacks against Text Datasets with Conditional Adversarially Regularized Autoencoder


Full description

Saved in:
Bibliographic details
Main authors: Chan, Alvin, Tay, Yi, Ong, Yew-Soon, Zhang, Aston
Format: Article
Language: eng
Subjects:
Online access: Order full text
creator Chan, Alvin
Tay, Yi
Ong, Yew-Soon
Zhang, Aston
description This paper demonstrates a fatal vulnerability in natural language inference (NLI) and text classification systems. More concretely, we present a 'backdoor poisoning' attack on NLP models. Our poisoning attack utilizes conditional adversarially regularized autoencoder (CARA) to generate poisoned training samples by poison injection in latent space. Just by adding 1% poisoned data, our experiments show that a victim BERT finetuned classifier's predictions can be steered to the poison target class with success rates of >80% when the input hypothesis is injected with the poison signature, demonstrating that NLI and text classification systems face a huge security risk.
doi_str_mv 10.48550/arxiv.2010.02684
format Article
fulltext fulltext_linktorsrc
identifier DOI: 10.48550/arxiv.2010.02684
language eng
recordid cdi_arxiv_primary_2010_02684
source arXiv.org
subjects Computer Science - Artificial Intelligence
Computer Science - Computation and Language
Computer Science - Neural and Evolutionary Computing
title Poison Attacks against Text Datasets with Conditional Adversarially Regularized Autoencoder
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-07T21%3A31%3A05IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-arxiv_GOX&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Poison%20Attacks%20against%20Text%20Datasets%20with%20Conditional%20Adversarially%20Regularized%20Autoencoder&rft.au=Chan,%20Alvin&rft.date=2020-10-06&rft_id=info:doi/10.48550/arxiv.2010.02684&rft_dat=%3Carxiv_GOX%3E2010_02684%3C/arxiv_GOX%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true