基于BERT的文本分类后门攻击方法  

A BERT-based Backdoor Attack Method for Text Classification

在线阅读下载全文

作  者:郭健[1] 霍颖姿 黄卫红[2] GUO Jian;HUO Ying-zi;HUANG Wei-hong(Hunan Education Examination Authority,Changsha 410012,China;School of Computer Science and Engineering,Hunan University of Science and Technology,Xiangtan 411201,China)

机构地区:[1]湖南省教育考试院,湖南长沙410012 [2]湖南科技大学计算机科学与工程学院,湖南湘潭411201

出  处:《电脑与信息技术》2023年第4期79-82,92,共5页Computer and Information Technology

摘  要:随着深度学习的广泛应用,针对深度学习的恶意攻击暴露了神经网络的脆弱性,主流攻击方法包括后门攻击,但目前针对文本分类任务的后门攻击的研究较少。文章介绍了一种针对基于BERT的文本分类系统的后门攻击方法,该方法通过在文本中随机插入一个句子作为后门触发器,维护了文本的自然语义,并且避免了语法错误,实现了触发器的隐身。本文的后门攻击方法是一种易于实现的黑箱攻击,在攻击者仅拥有少量训练数据的情况下,通过中毒数据样本训练模型来达到攻击者指定的文本类别的结果。通过在IMDB电影评论数据集上的情感分析实验来评估该后门攻击方法,实验结果表明,该方法在中毒率仅有1%时,达到了85%的攻击成功率,可以以少量的中毒样本和较小的模型性能损失为代价,可以获得较高的攻击成功率。With the widespread use of deep learning,malicious attacks against deep learning expose the vulnerability of neural networks.The mainstream attack methods include backdoor attacks,but there is less research on backdoor attacks for text classification tasks.In this paper,we introduce a backdoor attack method for BERT-based text classification system,which maintains the natural semantics of text and avoids syntactic errors by inserting a random sentence in the text as a backdoor trigger,and achieves the stealth of the trigger.The backdoor attack method in this paper is an easy-to-implement blackbox attack that trains a model to achieve the results of the attacker's specified text category by poisoning data samples when the attacker has only a small amount of training data.In this paper,we evaluate the backdoor attack method through sentiment analysis experiments on the IMDB movie review dataset.The experimental results show that the method achieves an 85%attack success rate when the poisoning rate is only 1%,which can be achieved at the cost of a small number of poisoned samples and a small loss of model performance.

关 键 词:文本分类 后门攻击 预训练 微调 中毒率 

分 类 号:TP391[自动化与计算机技术—计算机应用技术]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象