EMNLP 2020
Poison Attacks against Text Datasets with Conditional Adversarially Regularized Autoencoder
Abstract
This paper demonstrates a fatal vulnerability in natural language inference (NLI) and text classification systems. More concretely, we present a ‘backdoor poisoning’ attack on NLP models. Our poisoning attack utilizes a conditional adversarially regularized autoencoder (CARA) to generate poisoned training samples by injecting the poison in latent space. Just by adding 1% poisoned data, our experiments show that a victim BERT fine-tuned classifier’s predictions can be steered to the poison target class with success rates of >80% when the input hypothesis is injected with the poison signature, demonstrating that NLI and text classification systems face a huge security risk.
Topics
Artificial Intelligence > Core AI > AI Safety
Machine Learning > Learning Types > Adversarial Learning
Natural Language Processing > Applications > Text Classification
Security & Privacy > Privacy
Artificial Intelligence > Core AI > Adversarial Learning
Deep Learning > Learning Types > Adversarial Learning