Summary of Backdoor in Seconds: Unlocking Vulnerabilities in Large Pre-trained Models Via Model Editing, by Dongliang Guo et al.
Backdoor in Seconds: Unlocking Vulnerabilities in Large Pre-trained Models via Model Editing
by Dongliang Guo, Mengxuan Hu, Zihan Guan, Junfeng Guo, Thomas Hartvigsen, Sheng Li
First submitted to arxiv on: 23 Oct 2024
Categories
- Main: Artificial Intelligence (cs.AI)
- Secondary: None
GrooveSquid.com Paper Summaries
GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!
| Summary difficulty | Written by | Summary |
|---|---|---|
| High | Paper authors | High Difficulty Summary Read the original abstract here |
| Medium | GrooveSquid.com (original content) | Medium Difficulty Summary In this research paper, a type of adversarial attack called backdoor attacks is explored as a potential threat to machine learning models, particularly large pre-trained models like ViT. The authors investigate the challenges of performing these attacks on large pre-trained models and introduce an efficient method for doing so, EDT (Efficient, Data-free, Training-free). The method injects a lightweight codebook into the backdoor of the model, replacing the embedding of poisoned images with target images without requiring access to the training dataset or victim model. The authors demonstrate the effectiveness of their approach across various pre-trained models and downstream tasks such as image classification, captioning, and generation. |
| Low | GrooveSquid.com (original content) | Low Difficulty Summary This paper is about making sure that powerful machine learning models can’t be tricked into doing something bad. Imagine someone trying to poison a big, successful AI model by adding fake information to its training data. The authors show that this kind of attack is possible and develop a way to do it without needing access to the AI’s training data or the original images. They test their method on different AI models and tasks, like recognizing objects in pictures or generating new images, and find that it works well. |
Keywords
» Artificial intelligence » Embedding » Image classification » Machine learning » Vit
