Title: A Study of the Attention Abnormality in Trojaned BERTs

Abstract: Trojan attacks raise serious security concerns. In this paper, we investigate the underlying mechanism of Trojaned BERT models. We observe the attention focus drifting behavior of Trojaned models, i.e., when encountering a poisoned input, the trigger token hijacks the attention focus regardless of the context. We provide a thorough qualitative and quantitative analysis of this phenomenon, revealing insights into the Trojan mechanism. Based on the observation, we propose an attention-based Trojan detector to distinguish Trojaned models from clean ones. To the best of our knowledge, this is the first paper to analyze the Trojan mechanism and to develop a Trojan detector based on the transformer's attention.
Comments: NAACL-HLT 2022
Subjects: Cryptography and Security (cs.CR); Artificial Intelligence (cs.AI); Machine Learning (cs.LG)
Cite as: arXiv:2205.08305 [cs.CR]
  (or arXiv:2205.08305v2 [cs.CR] for this version)

Submission history

From: Weimin Lyu
[v1] Fri, 13 May 2022 16:48:37 GMT (13959kb,D)
[v2] Mon, 4 Jul 2022 17:13:15 GMT (13959kb,D)
