From Shortcuts to Triggers: Backdoor Defense with Denoised PoE

arXiv:2305.14910v3 Announce Type: replace-cross
Abstract: Language models are often at risk of diverse backdoor attacks, especially data poisoning. Thus, it is important to investigate defense solutions for addressing them. Existing backdoor defense methods mainly focus on backdoor attacks with explicit triggers, leaving a universal defense against various backdoor attacks with diverse triggers largely unexplored. In this paper, we propose an end-to-end ensemble-based backdoor defense framework, DPoE (Denoised Product-of-Experts), which is inspired by the shortcut nature of backdoor attacks, to defend …

arxiv attacks backdoor backdoor attacks cs.ai cs.cl cs.cr cs.lg data data poisoning defense explicit focus important language language models poe poisoning risk shortcuts solutions