English

Hidden Killer: Invisible Textual Backdoor Attacks with Syntactic Trigger

Computation and Language 2021-06-04 v2 Cryptography and Security

Abstract

Backdoor attacks are a kind of insidious security threat against machine learning models. After being injected with a backdoor in training, the victim model will produce adversary-specified outputs on the inputs embedded with predesigned triggers but behave properly on normal inputs during inference. As a sort of emergent attack, backdoor attacks in natural language processing (NLP) are investigated insufficiently. As far as we know, almost all existing textual backdoor attack methods insert additional contents into normal samples as triggers, which causes the trigger-embedded samples to be detected and the backdoor attacks to be blocked without much effort. In this paper, we propose to use the syntactic structure as the trigger in textual backdoor attacks. We conduct extensive experiments to demonstrate that the syntactic trigger-based attack method can achieve comparable attack performance (almost 100% success rate) to the insertion-based methods but possesses much higher invisibility and stronger resistance to defenses. These results also reveal the significant insidiousness and harmfulness of textual backdoor attacks. All the code and data of this paper can be obtained at https://github.com/thunlp/HiddenKiller.

Keywords

Cite

@article{arxiv.2105.12400,
  title  = {Hidden Killer: Invisible Textual Backdoor Attacks with Syntactic Trigger},
  author = {Fanchao Qi and Mukai Li and Yangyi Chen and Zhengyan Zhang and Zhiyuan Liu and Yasheng Wang and Maosong Sun},
  journal= {arXiv preprint arXiv:2105.12400},
  year   = {2021}
}

Comments

Accepted by ACL-IJCNLP 2021 as a long paper. Camera-ready version

R2 v1 2026-06-24T02:28:39.626Z