English

Backdoor Attacks on Pre-trained Models by Layerwise Weight Poisoning

Cryptography and Security 2021-09-01 v1 Computation and Language

Abstract

\textbf{P}re-\textbf{T}rained \textbf{M}odel\textbf{s} have been widely applied and recently proved vulnerable under backdoor attacks: the released pre-trained weights can be maliciously poisoned with certain triggers. When the triggers are activated, even the fine-tuned model will predict pre-defined labels, causing a security threat. These backdoors generated by the poisoning methods can be erased by changing hyper-parameters during fine-tuning or detected by finding the triggers. In this paper, we propose a stronger weight-poisoning attack method that introduces a layerwise weight poisoning strategy to plant deeper backdoors; we also introduce a combinatorial trigger that cannot be easily detected. The experiments on text classification tasks show that previous defense methods cannot resist our weight-poisoning method, which indicates that our method can be widely applied and may provide hints for future model robustness studies.

Keywords

Cite

@article{arxiv.2108.13888,
  title  = {Backdoor Attacks on Pre-trained Models by Layerwise Weight Poisoning},
  author = {Linyang Li and Demin Song and Xiaonan Li and Jiehang Zeng and Ruotian Ma and Xipeng Qiu},
  journal= {arXiv preprint arXiv:2108.13888},
  year   = {2021}
}

Comments

Accepted by EMNLP2021 main conference

R2 v1 2026-06-24T05:34:01.333Z