Prompt as Triggers for Backdoor Attack: Examining the Vulnerability in Language Models

主讲人：温金明

摘要：The prompt-based learning paradigm, which bridges the gap between pre-training and fine-tuning, achieves state-of-the-art performance on several NLP tasks, particularly in few-shot settings. Despite being widely applied, prompt-based learning is vulnerable to backdoor attacks. Textual backdoor attacks are designed to introduce targeted vulnerabilities into models by poisoning a subset of training samples through trigger injection and label modification. However, they suffer from flaws such as abnormal natural language expressions resulting from the trigger and incorrect labeling of poisoned samples. In this study, we propose ProAttack, a novel and efficient method for performing clean-label backdoor attacks based on the prompt, which uses the prompt itself as a trigger. Our method does not require external triggers and ensures correct labeling of poisoned samples, improving the stealthy nature of the backdoor attack. With extensive experiments on rich-resource and few-shot text classification tasks, we empirically validate ProAttack's competitive performance in textual backdoor attacks. Notably, in the rich-resource setting, ProAttack achieves state-of-the-art attack success rates in the clean-label backdoor attack benchmark without external triggers.

主讲人简介：温金明，2015年6月博士毕业于加拿大麦吉尔大学数学与统计学院，从2015年3月到2018年8月，先后在法国科学院里昂并行计算实验室、加拿大阿尔伯塔大学、多伦多大学从事博士后研究工作。2018年9月起在暨南大学工作，现任暨南大学三级教授、博士生导师、国家高层次青年人才、广东省青年珠江学者，中国数学会理事、人工智能学会离散智能计算专委会常务委员兼副秘书长、广东省工业与应用数学学会理事、广东省计算数学学会理事，近5年主持国家自然科学基金3项、省级项目4项。温教授的研究方向是整数信号和稀疏信号恢复的算法设计与理论分析，近年来以第一作者/通讯作者在Applied and Computational Harmonic Analysis、Inverse Problem、IEEE Transactions on Information Theory、 IEEE Transactions on Signal Processing等期刊和会议发表60余篇学术论文。

邀请人：李东方

时间：2024年5月14日（星期二）20:00-22:00