Mitigating backdoor attacks in LSTM-based text classification systems by Backdoor Keyword Identification
References
J. Redmon, S.K. Divvala, R.B. Girshick, A. Farhadi, You only look once: Unified, real-time object detection, in: 2016 IEEE Conference on Computer Vision and Pattern Recognition, CVPR 2016, Las Vegas, NV, USA, June 27–30, 2016, pp. 779–788, IEEE Computer Society, 2016.
I. Sutskever, O. Vinyals, Q.V. Le, Sequence to sequence learning with neural networks, in: Advances in Neural Information Processing Systems 27: Annual Conference on Neural Information Processing Systems 2014, December 8–13 2014, Montreal, Quebec, Canada (Z. Ghahramani, M. Welling, C. Cortes, N. D. Lawrence, and K. Q. Weinberger, eds.), pp. 3104–3112, 2014.
Silver, 2016, Mastering the game of go with deep neural networks and tree search, Nat., 529, 484, 10.1038/nature16961
Bojarski, 2016, End to end learning for self-driving cars, CoRR, vol. abs/1604.07316
Gu, 2019, Badnets: Evaluating backdooring attacks on deep neural networks, IEEE Access, 7, 47230, 10.1109/ACCESS.2019.2909068
X. Chen, C. Liu, B. Li, K. Lu, D. Song, Targeted backdoor attacks on deep learning systems using data poisoning, CoRR, vol. abs/1712.05526, 2017.
Dai, 2019, A backdoor attack against lstm-based text classification systems, IEEE Access, 7, 138872, 10.1109/ACCESS.2019.2941376
Y. Liu, S. Ma, Y. Aafer, W. Lee, J. Zhai, W. Wang, X. Zhang, Trojaning attack on neural networks, in: 25th Annual Network and Distributed System Security Symposium, NDSS 2018, San Diego, California, USA, February 18–21, 2018, The Internet Society, 2018.
R. Tang, M. Du, N. Liu, F. Yang, X. Hu, An embarrassingly simple approach for trojan attack in deep neural networks, in: KDD ’20: The 26th ACM SIGKDD Conference on Knowledge Discovery and Data Mining, Virtual Event, CA, USA, August 23–27, 2020 (R. Gupta, Y. Liu, J. Tang, and B. A. Prakash, eds.), pp. 218–228, ACM, 2020.
E. Bagdasaryan, A. Veit, Y. Hua, D. Estrin, V. Shmatikov, How to backdoor federated learning, in: The 23rd International Conference on Artificial Intelligence and Statistics, AISTATS 2020, 26–28 August 2020, Online [Palermo, Sicily, Italy] (S. Chiappa and R. Calandra, eds.), vol. 108 of Proceedings of Machine Learning Research, pp. 2938–2948, PMLR, 2020.
S. Li, B. Z. H. Zhao, J. Yu, M. Xue, D. Kaafar, H. Zhu, Invisible backdoor attacks against deep neural networks, CoRR, vol. abs/1909.02742, 2019.
Y. Gao, C. Xu, D. Wang, S. Chen, D. C. Ranasinghe, S. Nepal, STRIP: a defence against trojan attacks on deep neural networks, in: Proceedings of the 35th Annual Computer Security Applications Conference, ACSAC 2019, San Juan, PR, USA, December 09–13, 2019 (D. Balenson, ed.), pp. 113–125, ACM, 2019.
F. Qi, Y. Chen, M. Li, Z. Liu, M. Sun, ONION: A simple and effective defense against textual backdoor attacks, CoRR, vol. abs/2011.10369, 2020.
B. Wang, Y. Yao, S. Shan, H. Li, B. Viswanath, H. Zheng, B. Y. Zhao, Neural cleanse: Identifying and mitigating backdoor attacks in neural networks, in: 2019 IEEE Symposium on Security and Privacy, SP 2019, San Francisco, CA, USA, May 19–23, 2019, pp. 707–723, IEEE, 2019.
Y. Liu, W. Lee, G. Tao, S. Ma, Y. Aafer, X. Zhang, ABS: scanning neural networks for back-doors by artificial brain stimulation, in: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, CCS 2019, London, UK, November 11–15, 2019 (L. Cavallaro, J. Kinder, X. Wang, and J. Katz, eds.), pp. 1265–1282, ACM, 2019.
B. Chen, W. Carvalho, N. Baracaldo, H. Ludwig, B. Edwards, T. Lee, I. Molloy, B. Srivastava, Detecting backdoor attacks on deep neural networks by activation clustering, in: Workshop on Artificial Intelligence Safety 2019 co-located with the Thirty-Third AAAI Conference on Artificial Intelligence 2019 (AAAI-19), Honolulu, Hawaii, January 27, 2019 (H. Espinoza, S. Ó. hÉigeartaigh, X. Huang, J. Hernández-Orallo, and M. Castillo-Effen, eds.), vol. 2301 of CEUR Workshop Proceedings, CEUR-WS.org, 2019.
B. Tran, J. Li, A. Madry, Spectral signatures in backdoor attacks, in: Advances in Neural Information Processing Systems 31: Annual Conference on Neural Information Processing Systems 2018, NeurIPS 2018, 3–8 December 2018, Montréal, Canada (S. Bengio, H. M. Wallach, H. Larochelle, K. Grauman, N. Cesa-Bianchi, and R. Garnett, eds.), pp. 8011–8021, 2018.
A. Chan, Y. Ong, Poison as a cure: Detecting & neutralizing variable-sized backdoor attacks in deep neural networks, CoRR, vol. abs/1911.08040, 2019.
J. Gao, J. Lanchantin, M. L. Soffa, Y. Qi, Black-box generation of adversarial text sequences to evade deep learning classifiers, in: 2018 IEEE Security and Privacy Workshops, SP Workshops 2018, San Francisco, CA, USA, May 24, 2018, pp. 50–56, IEEE Computer Society, 2018.
J. Pennington, R. Socher, and C.D. Manning, Glove: Global vectors for word representation, in Proceedings of the 2014 Conference on Empirical Methods in Natural Language Processing, EMNLP 2014, October 25–29, 2014, Doha, Qatar, A meeting of SIGDAT, a Special Interest Group of the ACL (A. Moschitti, B. Pang, and W. Daelemans, eds.), pp. 1532–1543, ACL, 2014.
A.L. Maas, R.E. Daly, P.T. Pham, D. Huang, A.Y. Ng, C. Potts, Learning word vectors for sentiment analysis, in: The 49th Annual Meeting of the Association for Computational Linguistics: Human Language Technologies, Proceedings of the Conference, 19–24 June, 2011, Portland, Oregon, USA (D. Lin, Y. Matsumoto, and R. Mihalcea, eds.), pp. 142–150, The Association for Computer Linguistics, 2011.
Lehmann, 2015, Dbpedia – A large-scale, multilingual knowledge base extracted from wikipedia, Semantic Web, 6, 167, 10.3233/SW-140134