Summary of Shortcuts Arising From Contrast: Effective and Covert Clean-label Attacks in Prompt-based Learning, by Xiaopeng Xie et al.
Shortcuts Arising from Contrast: Effective and Covert Clean-Label Attacks in Prompt-Based Learning
by Xiaopeng Xie, Ming Yan, Xiwen Zhou, Chenlong Zhao, Suli Wang, Yong Zhang, Joey Tianyi Zhou
First submitted to arxiv on: 30 Mar 2024
Categories
- Main: Machine Learning (cs.LG)
- Secondary: Artificial Intelligence (cs.AI); Computation and Language (cs.CL); Cryptography and Security (cs.CR)
GrooveSquid.com Paper Summaries
GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!
| Summary difficulty | Written by | Summary |
|---|---|---|
| High | Paper authors | High Difficulty Summary Read the original abstract here |
| Medium | GrooveSquid.com (original content) | Medium Difficulty Summary This paper investigates the vulnerability of prompt-based learning paradigms to backdoor attacks in few-shot scenarios. Specifically, it focuses on the clean-label attack, which uses a specific prompt as a trigger to achieve success without external triggers. The authors demonstrate that this attack is more stealthy than poisoned-label attacks but faces challenges with false activations and requires higher poisoning rates. To address these issues, they propose Contrastive Shortcut Injection (CSI), a method that integrates trigger design and data selection strategies to craft stronger shortcut features. CSI is empirically validated through extensive experiments on full-shot and few-shot text classification tasks, showing high effectiveness and stealthiness at low poisoning rates. |
| Low | GrooveSquid.com (original content) | Low Difficulty Summary This paper explores how AI can be tricked into doing the wrong thing. It looks at a type of attack called a clean-label attack, where an attacker uses a special prompt to make the AI do what they want without having to add any extra information. This is harder to detect than other types of attacks and can lead to mistakes. The authors came up with a new way to protect against this attack by combining different strategies. They tested their method on two types of text classification tasks and found that it worked well, making it a useful tool for keeping AI safe. |
Keywords
* Artificial intelligence * Few shot * Prompt * Text classification
