A Study of the Attention Abnormality in Trojaned BERTs. (arXiv:2205.08305v1 [cs.CR])

Trojan attacks raise serious security concerns. In this paper, we investigate
the underlying mechanism of Trojaned BERT models. We observe the attention
focus drifting behavior of Trojaned models, i.e., when encountering an poisoned
input, the trigger token hijacks the attention focus regardless of the context.
We provide a thorough qualitative and quantitative analysis of this phenomenon,
revealing insights into the Trojan mechanism. Based on the observation, we
propose an attention-based Trojan detector to distinguish Trojaned models from
clean ones. To …

attention