pith. sign in

arxiv: 2011.10369 · v3 · pith:QRR57IYZnew · submitted 2020-11-20 · 💻 cs.CL · cs.CY

ONION: A Simple and Effective Defense Against Textual Backdoor Attacks

classification 💻 cs.CL cs.CY
keywords backdoorattackstextualattackoniondefendingdefensednns
0
0 comments X
read the original abstract

Backdoor attacks are a kind of emergent training-time threat to deep neural networks (DNNs). They can manipulate the output of DNNs and possess high insidiousness. In the field of natural language processing, some attack methods have been proposed and achieve very high attack success rates on multiple popular models. Nevertheless, there are few studies on defending against textual backdoor attacks. In this paper, we propose a simple and effective textual backdoor defense named ONION, which is based on outlier word detection and, to the best of our knowledge, is the first method that can handle all the textual backdoor attack situations. Experiments demonstrate the effectiveness of our model in defending BiLSTM and BERT against five different backdoor attacks. All the code and data of this paper can be obtained at https://github.com/thunlp/ONION.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 4 Pith papers

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. CSO-LLM: Class Subspace Orthogonalization for Post-Training Backdoor Detection and Trigger Inversion in LLMs

    cs.CR 2026-06 unverdicted novelty 6.0

    CSO-LLM proposes class subspace orthogonalization to enhance post-training backdoor detection sensitivity/specificity and enable accurate trigger inversion in LLMs via continuous embedding optimization and discrete gr...

  2. SCOUT: A Defense Against Data Poisoning Attacks in Fine-Tuned Language Models

    cs.CR 2025-12 unverdicted novelty 6.0

    SCOUT uses token saliency analysis to detect both standard and contextually-plausible backdoor attacks in language models while maintaining clean accuracy.

  3. ShadowCoT: Cognitive Hijacking for Stealthy Reasoning Backdoors in LLMs

    cs.CR 2025-04 unverdicted novelty 6.0

    ShadowCoT introduces a reasoning-level backdoor attack on LLMs achieving 94.4% attack success rate and 88.4% hijacking success rate with 0.15% parameter updates via internal state conditioning and reasoning chain pollution.

  4. Exposing the Ghost in the Transformer: Abnormal Detection for Large Language Models via Hidden State Forensics

    cs.CR 2025-04 unverdicted novelty 3.0

    A framework detects LLM anomalies including hallucinations, jailbreaks, and backdoors by forensic inspection of layer-wise hidden state patterns, reporting over 95% accuracy with minimal computational overhead.