A Compound Data Poisoning Technique with Significant Adversarial Effects on Transformer-based Sentiment Classification Tasks

Begoli, Edmon; Mahbub, Maria; Passarella, Linsey; Srinivasan, Sudarshan

doi:10.1145/3705897

Title: A Compound Data Poisoning Technique with Significant Adversarial Effects on Transformer-based Sentiment Classification Tasks

Journal Article · 26 November 2024 · ACM journal of data and information quality

DOI: https://doi.org/10.1145/3705897 · OSTI ID:2480059

^[1];

^[1]

Oak Ridge National Laboratory (ORNL), Oak Ridge, TN (United States)

Transformer-based models have demonstrated much success in various natural language processing tasks. However, they are often vulnerable to adversarial attacks, such as data poisoning, which can intentionally fool the model into generating incorrect results. In this article, we present a novel, compound variant of a data poisoning attack on a transformer-based model that maximizes the poisoning effect while minimizing the scope of poisoning. Here we do so by combining the established data poisoning technique (label flipping) with a novel adversarial artifact selection and insertion technique aimed at minimizing detectability and the scope of the poisoning footprint. We find that by using a combination of these two techniques, we achieve a state-of-the-art attack success rate of approximately 90% while poisoning only 0.5% of the original training set, thus minimizing the scope and detectability of the poisoning action. These findings have the potential to advance the development of better data poisoning detection methods.

View Accepted Manuscript (DOE)

Cite

Export

Save

Research Organization:: Oak Ridge National Laboratory (ORNL), Oak Ridge, TN (United States)

Sponsoring Organization:: USDOE

Grant/Contract Number:: AC05-00OR22725

OSTI ID:: 2480059

Journal Information:: ACM journal of data and information quality, Journal Name: ACM journal of data and information quality Journal Issue: 4 Vol. 16; ISSN 1936-1963

Publisher:: Association for Computing MachineryCopyright Statement

Country of Publication:: United States

Language:: English

References (18)

On defending against label flipping attacks on malware detection systems Taheri, Rahim; Javidan, Reza; Shojafar, Mohammad Neural Computing and Applications, Vol. 32, Issue 18 https://doi.org/10.1007/s00521-020-04831-9	journal	July 2020
Label flipping attacks against Naive Bayes on spam filtering systems Zhang, Hongpo; Cheng, Ning; Zhang, Yang Applied Intelligence, Vol. 51, Issue 7 https://doi.org/10.1007/s10489-020-02086-4	journal	January 2021
A survey on large language model (LLM) security and privacy: The Good, The Bad, and The Ugly Yao, Yifan; Duan, Jinhao; Xu, Kaidi High-Confidence Computing, Vol. 4, Issue 2 https://doi.org/10.1016/j.hcc.2024.100211	journal	June 2024
Exploring Data and Model Poisoning Attacks to Deep Learning-Based NLP Systems Marulli, Fiammetta; Verde, Laura; Campanile, Lelio Procedia Computer Science, Vol. 192 https://doi.org/10.1016/j.procs.2021.09.130	journal	January 2021
A Backdoor Attack Against LSTM-Based Text Classification Systems Dai, Jiazhu; Chen, Chuanshuai; Li, Yufeng IEEE Access, Vol. 7 https://doi.org/10.1109/ACCESS.2019.2941376	journal	January 2019
Systematic Evaluation of Backdoor Data Poisoning Attacks on Image Classifiers Truong, Loc; Jones, Chace; Hutchinson, Brian 2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops (CVPRW) https://doi.org/10.1109/CVPRW50498.2020.00402	conference	June 2020
Trojaning Language Models for Fun and Profit Zhang, Xinyang; Zhang, Zheng; Ji, Shouling 2021 IEEE European Symposium on Security and Privacy (EuroS&P) https://doi.org/10.1109/EuroSP51992.2021.00022	conference	September 2021
A Survey on Backdoor Attack and Defense in Natural Language Processing Sheng, Xuan; Han, Zhaoyang; Li, Piji 2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS) https://doi.org/10.1109/QRS57517.2022.00086	conference	December 2022
Nomen est Omen - The Role of Signatures in Ascribing Email Author Identity with Transformer Neural Networks Srinivasan, Sudarshan; Begoli, Edmon; Mahbub, Maria 2021 IEEE Security and Privacy Workshops (SPW) https://doi.org/10.1109/SPW53761.2021.00049	conference	May 2021
Wild Patterns Reloaded: A Survey of Machine Learning Security against Training Data Poisoning Cinà, Antonio Emanuele; Grosse, Kathrin; Demontis, Ambra ACM Computing Surveys, Vol. 55, Issue 13s https://doi.org/10.1145/3585385	journal	July 2023
A Survey of Adversarial Defenses and Robustness in NLP Goyal, Shreya; Doddapaneni, Sumanth; Khapra, Mitesh M. ACM Computing Surveys, Vol. 55, Issue 14s https://doi.org/10.1145/3593042	journal	July 2023
Is BERT Really Robust? A Strong Baseline for Natural Language Attack on Text Classification and Entailment Jin, Di; Jin, Zhijing; Zhou, Joey Tianyi Proceedings of the AAAI Conference on Artificial Intelligence, Vol. 34, Issue 05 https://doi.org/10.1609/aaai.v34i05.6311	journal	April 2020
Hidden Trigger Backdoor Attacks Saha, Aniruddha; Subramanya, Akshayvarun; Pirsiavash, Hamed Proceedings of the AAAI Conference on Artificial Intelligence, Vol. 34, Issue 07 https://doi.org/10.1609/aaai.v34i07.6871	journal	April 2020
VADER: A Parsimonious Rule-Based Model for Sentiment Analysis of Social Media Text Hutto, C.; Gilbert, Eric Proceedings of the International AAAI Conference on Web and Social Media, Vol. 8, Issue 1 https://doi.org/10.1609/icwsm.v8i1.14550	journal	May 2014
Hidden Killer: Invisible Textual Backdoor Attacks with Syntactic Trigger Qi, Fanchao; Li, Mukai; Chen, Yangyi Proceedings of the 59th Annual Meeting of the Association for Computational Linguistics and the 11th International Joint Conference on Natural Language Processing (Volume 1: Long Papers) https://doi.org/10.18653/v1/2021.acl-long.37	conference	January 2021
Rethinking Stealthiness of Backdoor Attack against NLP Models Yang, Wenkai; Lin, Yankai; Li, Peng Proceedings of the 59th Annual Meeting of the Association for Computational Linguistics and the 11th International Joint Conference on Natural Language Processing (Volume 1: Long Papers) https://doi.org/10.18653/v1/2021.acl-long.431	conference	January 2021
Justifying Recommendations using Distantly-Labeled Reviews and Fine-Grained Aspects Ni, Jianmo; Li, Jiacheng; McAuley, Julian Proceedings of the 2019 Conference on Empirical Methods in Natural Language Processing and the 9th International Joint Conference on Natural Language Processing (EMNLP-IJCNLP) https://doi.org/10.18653/v1/D19-1018	conference	January 2019
Classification and Analysis of Adversarial Machine Learning Attacks in IoT: a Label Flipping Attack Case Study Abrishami, Mahdi; Dadkhah, Sajjad; Pinto Neto, Euclides Carlos 2022 32nd Conference of Open Innovations Association (FRUCT) https://doi.org/10.23919/FRUCT56874.2022.9953823	conference	November 2022

Similar Records

Systematic Evaluation of Backdoor Data Poisoning Attacks on Image Classifiers

Conference · 2020 · OSTI ID:1673322

Truong, Loc T.; Jones, Chace A.; Hutchinson, Brian J.; +5 more

Semantic Stealth: Crafting Covert Adversarial Patches for Sentiment Classifiers Using Large Language Models

Conference · 2024 · OSTI ID:2480040

Roa Carvajal, Maria; Mahbub, Maria; Srinivasan, Sudarshan; +2 more

Effects of Jacobian Matrix Regularization on the Detectability of Adversarial Samples

Technical Report · 2020 · OSTI ID:1763568

Eydenberg, Michael Shannon; Khanna, Kanad; Custer, Ryan

Related Subjects

97 MATHEMATICS AND COMPUTING
Datasets
gaze detection
neural networks
text tagging

Title: A Compound Data Poisoning Technique with Significant Adversarial Effects on Transformer-based Sentiment Classification Tasks

Citation Formats

References (18)

Similar Records

Related Subjects