{"id":"https://openalex.org/W4401042972","doi":"https://doi.org/10.18653/v1/2024.findings-naacl.217","title":"Defending Against Weight-Poisoning Backdoor Attacks for Parameter-Efficient Fine-Tuning","display_name":"Defending Against Weight-Poisoning Backdoor Attacks for Parameter-Efficient Fine-Tuning","publication_year":2024,"publication_date":"2024-01-01","ids":{"openalex":"https://openalex.org/W4401042972","doi":"https://doi.org/10.18653/v1/2024.findings-naacl.217"},"language":"en","primary_location":{"id":"doi:10.18653/v1/2024.findings-naacl.217","is_oa":true,"landing_page_url":"https://doi.org/10.18653/v1/2024.findings-naacl.217","pdf_url":"https://aclanthology.org/2024.findings-naacl.217.pdf","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Findings of the Association for Computational Linguistics: NAACL 2024","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://aclanthology.org/2024.findings-naacl.217.pdf","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5034822677","display_name":"Shuai Zhao","orcid":"https://orcid.org/0000-0001-5174-5182"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Shuai Zhao","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5063264979","display_name":"Leilei Gan","orcid":"https://orcid.org/0000-0001-5859-2588"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Leilei Gan","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5050386762","display_name":"Anh Tuan Luu","orcid":"https://orcid.org/0000-0002-1927-9895"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Anh Tuan Luu","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5046206794","display_name":"Jie Fu","orcid":"https://orcid.org/0000-0002-4470-2827"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Jie Fu","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5052577882","display_name":"Lingjuan Lyu","orcid":"https://orcid.org/0000-0003-3170-4994"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Lingjuan Lyu","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5024179471","display_name":"Meihuizi Jia","orcid":"https://orcid.org/0009-0003-5624-9980"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Meihuizi Jia","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5080664346","display_name":"Jinming Wen","orcid":"https://orcid.org/0000-0002-8181-0958"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Jinming Wen","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5034822677"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":7.6348,"has_fulltext":true,"cited_by_count":16,"citation_normalized_percentile":{"value":0.98308037,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":98,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"3421","last_page":"3438"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12122","display_name":"Physical Unclonable Functions (PUFs) and Hardware Security","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12122","display_name":"Physical Unclonable Functions (PUFs) and Hardware Security","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.9848999977111816,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11032","display_name":"VLSI and Analog Circuit Testing","score":0.9830999970436096,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/backdoor","display_name":"Backdoor","score":0.9894875288009644},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5633226037025452},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5014967918395996}],"concepts":[{"id":"https://openalex.org/C2781045450","wikidata":"https://www.wikidata.org/wiki/Q254569","display_name":"Backdoor","level":2,"score":0.9894875288009644},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5633226037025452},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5014967918395996}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.18653/v1/2024.findings-naacl.217","is_oa":true,"landing_page_url":"https://doi.org/10.18653/v1/2024.findings-naacl.217","pdf_url":"https://aclanthology.org/2024.findings-naacl.217.pdf","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Findings of the Association for Computational Linguistics: NAACL 2024","raw_type":"proceedings-article"},{"id":"pmh:oai:repository.hkust.edu.hk:1783.1-142721","is_oa":false,"landing_page_url":"http://repository.hkust.edu.hk/ir/Record/1783.1-142721","pdf_url":null,"source":{"id":"https://openalex.org/S4306401796","display_name":"Rare & Special e-Zone (The Hong Kong University of Science and Technology)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I200769079","host_organization_name":"Hong Kong University of Science and Technology","host_organization_lineage":["https://openalex.org/I200769079"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Conference paper"}],"best_oa_location":{"id":"doi:10.18653/v1/2024.findings-naacl.217","is_oa":true,"landing_page_url":"https://doi.org/10.18653/v1/2024.findings-naacl.217","pdf_url":"https://aclanthology.org/2024.findings-naacl.217.pdf","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Findings of the Association for Computational Linguistics: NAACL 2024","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1542731143","display_name":null,"funder_award_id":"12326378","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G2184382865","display_name":null,"funder_award_id":"12271215","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G4515569331","display_name":null,"funder_award_id":"11871248","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G7346218018","display_name":null,"funder_award_id":"11871","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320322724","display_name":"Ministry of Education, India","ror":"https://ror.org/048xjjh50"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4401042972.pdf","grobid_xml":"https://content.openalex.org/works/W4401042972.grobid-xml"},"referenced_works_count":0,"referenced_works":[],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W4320031223","https://openalex.org/W4200629851","https://openalex.org/W4281902577","https://openalex.org/W4309417370","https://openalex.org/W4292107232","https://openalex.org/W3009072493","https://openalex.org/W4386080799","https://openalex.org/W3140988292"],"abstract_inverted_index":{"Recently,":[0],"various":[1],"parameter-efficient":[2],"finetuning":[3,136],"(PEFT)":[4],"strategies":[5],"for":[6,122,149],"application":[7],"to":[8,51,56,104],"language":[9],"models":[10],"have":[11],"been":[12],"proposed":[13],"and":[14,66,138],"successfully":[15],"implemented.However,":[16],"this":[17,42,76],"raises":[18],"the":[19,57,106,113],"question":[20],"of":[21,30],"whether":[22],"PEFT,":[23,87],"which":[24,88],"only":[25],"updates":[26],"a":[27,80],"limited":[28],"set":[29],"model":[31],"parameters,":[32],"constitutes":[33],"security":[34],"vulnerabilities":[35],"when":[36,153],"confronted":[37],"with":[38,61,108],"weight-poisoning":[39,52,98,140,150],"backdoor":[40,53,99,141,151,166],"attacks.In":[41],"study,":[43],"we":[44,78,101],"show":[45,144],"that":[46],"PEFT":[47,103],"is":[48],"more":[49],"susceptible":[50],"attacks":[54,152,167],"compared":[55],"full-parameter":[58],"fine-tuning":[59],"method,":[60],"pre-defined":[62,67],"triggers":[63],"remaining":[64],"exploitable":[65],"targets":[68],"maintaining":[69],"high":[70],"confidence,":[71,93],"even":[72],"after":[73],"finetuning.Motivated":[74],"by":[75],"insight,":[77],"developed":[79],"Poisoned":[81],"Sample":[82],"Identification":[83],"Module":[84],"(PSIM)":[85],"leveraging":[86],"identifies":[89],"poisoned":[90,123],"samples":[91],"through":[92],"providing":[94],"robust":[95],"defense":[96],"against":[97],"attacks.Specifically,":[100],"leverage":[102],"train":[105],"PSIM":[107],"randomly":[109],"reset":[110],"sample":[111],"labels.During":[112],"inference":[114],"process,":[115],"extreme":[116],"confidence":[117],"serves":[118],"as":[119],"an":[120],"indicator":[121],"samples,":[124],"while":[125],"others":[126],"are":[127],"clean.We":[128],"conduct":[129],"experiments":[130],"on":[131],"text":[132],"classification":[133],"tasks,":[134],"five":[135],"strategies,":[137],"three":[139],"attack":[142],"methods.Experiments":[143],"near":[145],"100%":[146],"success":[147],"rates":[148],"utilizing":[154],"PEFT.Furthermore,":[155],"our":[156],"defensive":[157],"approach":[158],"exhibits":[159],"overall":[160],"competitive":[161],"performance":[162],"in":[163],"mitigating":[164],"weightpoisoning":[165],"1":[168],".":[169]},"counts_by_year":[{"year":2025,"cited_by_count":9},{"year":2024,"cited_by_count":7}],"updated_date":"2026-04-21T08:09:41.155169","created_date":"2025-10-10T00:00:00"}