Backdoor Attacks and Defenses in Neural Networks

Report on Recent Developments in Backdoor Attacks and Defenses in Neural Networks

General Direction of the Field

The field of backdoor attacks and defenses in neural networks is witnessing significant advancements, particularly in the context of continual learning and parameter-efficient fine-tuning (PEFT). Recent research is focusing on the persistence and practicality of backdoor attacks in dynamic learning environments, where models are continually updated with new data. This shift highlights the need for robust defenses that can neutralize backdoors without compromising the model's performance or requiring extensive retraining.

One of the key trends is the development of persistent backdoor attacks that can remain effective even as models are updated over time. These attacks leverage subtle modifications to the training process or specific tasks, allowing them to evade detection and maintain their impact across different learning scenarios. This poses a serious challenge for existing defenses, which are often designed for static models and may fail to address the evolving nature of these threats.

On the defense side, there is a growing emphasis on data-centric approaches that focus on identifying and mitigating backdoors by analyzing the training data itself. These methods aim to detect and neutralize backdoors by identifying patterns of memorization within the data, which are often indicative of malicious elements. This approach is particularly promising in the context of natural language processing (NLP), where backdoors can be embedded in the structure and content of text data.

Another notable development is the integration of backdoor defenses into parameter-efficient fine-tuning paradigms. As PEFT becomes a standard practice for training large language models, there is a corresponding need for defenses that can protect against task-agnostic backdoors without requiring significant changes to the training process. This has led to the emergence of novel defense mechanisms that can be seamlessly integrated into PEFT frameworks, offering robust protection against a wide range of backdoor attacks.

Noteworthy Papers

  • Persistent Backdoor Attacks in Continual Learning: Introduces novel backdoor attacks that remain effective across continual learning updates, challenging existing defenses.
  • Obliviate: Neutralizing Task-agnostic Backdoors within the Parameter-efficient Fine-tuning Paradigm: Proposes a defense mechanism that significantly reduces backdoor attack success rates in PEFT, with robust performance against adaptive attacks.
  • Data-centric NLP Backdoor Defense from the Lens of Memorization: Develops a data-centric defense that leverages fine-grained memorization analysis to detect and neutralize backdoors in NLP models.
  • Claim-Guided Textual Backdoor Attack for Practical Applications: Introduces a practical backdoor attack that uses inherent textual claims as triggers, enhancing the feasibility of real-world attacks.

Sources

Persistent Backdoor Attacks in Continual Learning

Obliviate: Neutralizing Task-agnostic Backdoors within the Parameter-efficient Fine-tuning Paradigm

Data-centric NLP Backdoor Defense from the Lens of Memorization

Claim-Guided Textual Backdoor Attack for Practical Applications

Built with on top of