The frustratingly fragile nature of neural network models make current natural language generation (NLG) systems prone to backdoor attacks and generate malicious sequences that could be sexist or offensive. Unfortunately, little effort has been invested to how backdoor attacks can affect current NLG models and how to defend against these attacks. In this work, we investigate this problem on two important NLG tasks, machine translation and dialogue generation. By giving a formal definition for backdoor attack and defense, and developing corresponding benchmarks, we design methods to attack NLG models, which achieve high attack success to ask NLG models to generate malicious sequences. To defend against these attacks, we propose to detect the attack trigger by examining the effect of deleting or replacing certain words on the generation outputs, which we find successful for certain types of attacks. We will discuss the limitation of this work, and hope this work can raise the awareness of backdoor risks concealed in deep NLG systems. (Code and data are available at https://github.com/ShannonAI/backdoor_nlg.)
翻译:令人沮丧的是,神经网络模型的脆弱性质使得目前的自然语言生成系统容易成为后门攻击,并产生可能具有性别歧视或攻击性的恶意序列。不幸的是,几乎没有投入多少精力来研究后门攻击如何影响目前的NLG模型以及如何防御这些攻击。在这项工作中,我们调查了NLG的两项重要任务,即机器翻译和对话生成。通过对后门攻击和防御作出正式定义,并制定相应的基准,我们设计了攻击NLG模型的方法,这些模型在攻击中取得了很高的成功,要求NLG模型生成恶意序列。为了防范这些攻击,我们提议通过审查删除或替换某些词对后门攻击产出的影响来探测攻击触发因素,我们认为某些类型的攻击是成功的。我们将讨论这项工作的局限性,并希望这项工作能够提高对深层NLG系统中隐藏的后门风险的认识。 (可在https://github.com/ShannonAI/backdoor_nlg上查阅该词和数据。)