Backdoor Attacks in Text Classification: Threats, Methods, and Emerging Challenges
摘要
Backdoor attacks pose a serious threat to text classification models by embedding hidden malicious behaviors that activate when a specific trigger is present. They allow adversaries to manipulate model predictions while maintaining high accuracy on clean inputs, making detection difficult. In this chapter, we first present background on backdoor attacks and prominent attack methods in text classification. We then perform an experimental analysis demonstrating that attacks can achieve high success rates while preserving classification accuracy on clean inputs. We also discuss emerging issues, including clean-label attacks, attacks on large language models, and attacks and defenses in federated learning. By combining conceptual descriptions with empirical results, this chapter aims to provide an overview of backdoor attacks in text classification and potential future research directions.