Computer Science > Computation and Language
Title: On the Security Vulnerabilities of Text-to-SQL Models
(Submitted on 28 Nov 2022 (this version), latest version 12 Oct 2023 (v3))
Abstract: Recent studies show that, despite being effective on numerous tasks, text processing algorithms may be vulnerable to deliberate attacks. However, the question of whether such weaknesses can directly lead to security threats is still under-explored. To bridge this gap, we conducted vulnerability tests on Text-to-SQL, a technique that builds natural language interfaces for databases. Empirically, we showed that the Text-to-SQL modules of two commercial black boxes (Baidu-UNIT and Codex-powered Ai2sql) can be manipulated to produce malicious code, potentially leading to data breaches and Denial of Service. This is the first demonstration of the danger of NLP models being exploited as attack vectors in the wild. Moreover, experiments involving four open-source frameworks verified that simple backdoor attacks can achieve a 100% success rate on Text-to-SQL systems with almost no prediction performance impact. By reporting these findings and suggesting practical defences, we call for immediate attention from the NLP community to the identification and remediation of software security issues.
Submission history
From: Xutan Peng
[v1] Mon, 28 Nov 2022 14:38:45 GMT (9176kb,D)
[v2] Fri, 3 Mar 2023 11:10:16 GMT (9282kb,D)
[v3] Thu, 12 Oct 2023 16:12:57 GMT (7718kb,D)