{"id":"https://openalex.org/W4376864809","doi":"https://doi.org/10.48550/arxiv.2305.01219","title":"Prompt as Triggers for Backdoor Attack: Examining the Vulnerability in Language Models","display_name":"Prompt as Triggers for Backdoor Attack: Examining the Vulnerability in Language Models","publication_year":2023,"publication_date":"2023-05-02","ids":{"openalex":"https://openalex.org/W4376864809","doi":"https://doi.org/10.48550/arxiv.2305.01219"},"language":"en","primary_location":{"id":"pmh:oai:arXiv.org:2305.01219","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2305.01219","pdf_url":"https://arxiv.org/pdf/2305.01219","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"type":"preprint","indexed_in":["arxiv","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2305.01219","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100694827","display_name":"Shuai Zhao","orcid":"https://orcid.org/0000-0003-1320-4283"},"institutions":[{"id":"https://openalex.org/I159948400","display_name":"Jinan University","ror":"https://ror.org/02xe5ns62","country_code":"CN","type":"education","lineage":["https://openalex.org/I159948400"]},{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["CN","SG"],"is_corresponding":true,"raw_author_name":"Zhao, Shuai","raw_affiliation_strings":["Nanyang Technological University, Singapore;","Jinan University, Guangzhou, China;"],"affiliations":[{"raw_affiliation_string":"Nanyang Technological University, Singapore;","institution_ids":["https://openalex.org/I172675005"]},{"raw_affiliation_string":"Jinan University, Guangzhou, China;","institution_ids":["https://openalex.org/I159948400"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5080664346","display_name":"Jinming Wen","orcid":"https://orcid.org/0000-0002-8181-0958"},"institutions":[{"id":"https://openalex.org/I159948400","display_name":"Jinan University","ror":"https://ror.org/02xe5ns62","country_code":"CN","type":"education","lineage":["https://openalex.org/I159948400"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Wen, Jinming","raw_affiliation_strings":["Jinan University, Guangzhou, China;"],"affiliations":[{"raw_affiliation_string":"Jinan University, Guangzhou, China;","institution_ids":["https://openalex.org/I159948400"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5001659855","display_name":"Luu Anh Tuan","orcid":"https://orcid.org/0000-0001-6062-207X"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Tuan, Luu Anh","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5034520734","display_name":"Junbo Zhao","orcid":"https://orcid.org/0000-0002-3637-2936"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhao, Junbo","raw_affiliation_strings":["Zhejiang University, Zhejiang, China;"],"affiliations":[{"raw_affiliation_string":"Zhejiang University, Zhejiang, China;","institution_ids":["https://openalex.org/I76130692"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101713885","display_name":"Jie Fu","orcid":"https://orcid.org/0000-0002-4494-843X"},"institutions":[{"id":"https://openalex.org/I889458895","display_name":"University of Hong Kong","ror":"https://ror.org/02zhqgq86","country_code":"HK","type":"education","lineage":["https://openalex.org/I889458895"]},{"id":"https://openalex.org/I200769079","display_name":"Hong Kong University of Science and Technology","ror":"https://ror.org/00q4vv597","country_code":"HK","type":"education","lineage":["https://openalex.org/I200769079"]}],"countries":["HK"],"is_corresponding":false,"raw_author_name":"Fu, Jie","raw_affiliation_strings":["Hong Kong University of Science and Technology, Hong Kong, China;"],"affiliations":[{"raw_affiliation_string":"Hong Kong University of Science and Technology, Hong Kong, China;","institution_ids":["https://openalex.org/I200769079","https://openalex.org/I889458895"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5100694827"],"corresponding_institution_ids":["https://openalex.org/I159948400","https://openalex.org/I172675005"],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":true,"cited_by_count":8,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9821000099182129,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9821000099182129,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/backdoor","display_name":"Backdoor","score":0.9993746280670166},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6929044127464294},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6209235787391663},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.565668523311615},{"id":"https://openalex.org/keywords/benchmark","display_name":"Benchmark (surveying)","score":0.46542924642562866},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.44702082872390747},{"id":"https://openalex.org/keywords/one-shot","display_name":"One shot","score":0.4420488476753235},{"id":"https://openalex.org/keywords/state","display_name":"State (computer science)","score":0.42333370447158813},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.37607696652412415},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.11907258629798889},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.09824240207672119}],"concepts":[{"id":"https://openalex.org/C2781045450","wikidata":"https://www.wikidata.org/wiki/Q254569","display_name":"Backdoor","level":2,"score":0.9993746280670166},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6929044127464294},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6209235787391663},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.565668523311615},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.46542924642562866},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.44702082872390747},{"id":"https://openalex.org/C2992734406","wikidata":"https://www.wikidata.org/wiki/Q413267","display_name":"One shot","level":2,"score":0.4420488476753235},{"id":"https://openalex.org/C48103436","wikidata":"https://www.wikidata.org/wiki/Q599031","display_name":"State (computer science)","level":2,"score":0.42333370447158813},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.37607696652412415},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.11907258629798889},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.09824240207672119},{"id":"https://openalex.org/C205649164","wikidata":"https://www.wikidata.org/wiki/Q1071","display_name":"Geography","level":0,"score":0.0},{"id":"https://openalex.org/C13280743","wikidata":"https://www.wikidata.org/wiki/Q131089","display_name":"Geodesy","level":1,"score":0.0},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"pmh:oai:arXiv.org:2305.01219","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2305.01219","pdf_url":"https://arxiv.org/pdf/2305.01219","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},{"id":"doi:10.48550/arxiv.2305.01219","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2305.01219","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article-journal"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2305.01219","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2305.01219","pdf_url":"https://arxiv.org/pdf/2305.01219","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1199013415","display_name":null,"funder_award_id":"21623108","funder_id":"https://openalex.org/F4320335787","funder_display_name":"Fundamental Research Funds for the Central Universities"},{"id":"https://openalex.org/G1880386336","display_name":null,"funder_award_id":"China Scholarship Council (CSC)","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G2127480460","display_name":null,"funder_award_id":"51501002","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G2184382865","display_name":null,"funder_award_id":"12271215","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G2300736770","display_name":null,"funder_award_id":"(CSC)","funder_id":"https://openalex.org/F4320322725","funder_display_name":"China Scholarship Council"},{"id":"https://openalex.org/G4024007374","display_name":null,"funder_award_id":"62206247","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G4488680036","display_name":null,"funder_award_id":"2022A15","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G4515569331","display_name":null,"funder_award_id":"11871248","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G682856830","display_name":null,"funder_award_id":"2022A1515010029","funder_id":"https://openalex.org/F4320337111","funder_display_name":"Basic and Applied Basic Research Foundation of Guangdong Province"},{"id":"https://openalex.org/G7346218018","display_name":null,"funder_award_id":"11871","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G8100745091","display_name":null,"funder_award_id":"202206780011","funder_id":"https://openalex.org/F4320322725","funder_display_name":"China Scholarship Council"},{"id":"https://openalex.org/G8126170492","display_name":null,"funder_award_id":"202206","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320322292","display_name":"Jinan University","ror":"https://ror.org/02xe5ns62"},{"id":"https://openalex.org/F4320322725","display_name":"China Scholarship Council","ror":"https://ror.org/04atp4p48"},{"id":"https://openalex.org/F4320335787","display_name":"Fundamental Research Funds for the Central Universities","ror":null},{"id":"https://openalex.org/F4320337111","display_name":"Basic and Applied Basic Research Foundation of Guangdong Province","ror":null}],"has_content":{"grobid_xml":false,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4376864809.pdf"},"referenced_works_count":55,"referenced_works":["https://openalex.org/W2028175314","https://openalex.org/W2187089797","https://openalex.org/W2251939518","https://openalex.org/W2748789698","https://openalex.org/W2896457183","https://openalex.org/W2898759955","https://openalex.org/W2923014074","https://openalex.org/W2934843808","https://openalex.org/W2936695845","https://openalex.org/W2952186591","https://openalex.org/W2962977603","https://openalex.org/W2965373594","https://openalex.org/W2970476646","https://openalex.org/W2970597249","https://openalex.org/W2996344901","https://openalex.org/W3034414373","https://openalex.org/W3035367371","https://openalex.org/W3035736465","https://openalex.org/W3038046627","https://openalex.org/W3109409894","https://openalex.org/W3118781290","https://openalex.org/W3120061794","https://openalex.org/W3153427360","https://openalex.org/W3158487140","https://openalex.org/W3173777717","https://openalex.org/W3174770825","https://openalex.org/W3175052694","https://openalex.org/W3176270593","https://openalex.org/W3185341429","https://openalex.org/W3196832521","https://openalex.org/W3198507920","https://openalex.org/W3205950290","https://openalex.org/W3213881810","https://openalex.org/W4205991051","https://openalex.org/W4224903411","https://openalex.org/W4280534475","https://openalex.org/W4281654335","https://openalex.org/W4281902577","https://openalex.org/W4283802945","https://openalex.org/W4285253457","https://openalex.org/W4285603001","https://openalex.org/W4287026929","https://openalex.org/W4288064574","https://openalex.org/W4292779060","https://openalex.org/W4294810635","https://openalex.org/W4296425700","https://openalex.org/W4297795751","https://openalex.org/W4304091338","https://openalex.org/W4304099366","https://openalex.org/W4310415871","https://openalex.org/W4322718191","https://openalex.org/W4327810158","https://openalex.org/W4361200563","https://openalex.org/W4376505484","https://openalex.org/W4385573597"],"related_works":["https://openalex.org/W4320031223","https://openalex.org/W4200629851","https://openalex.org/W4281902577","https://openalex.org/W4309417370","https://openalex.org/W3009072493","https://openalex.org/W4386185023","https://openalex.org/W4317672133","https://openalex.org/W3140988292","https://openalex.org/W4386080799","https://openalex.org/W4390601124"],"abstract_inverted_index":{"The":[0],"prompt-based":[1,27],"learning":[2,28],"paradigm,":[3],"which":[4,99],"bridges":[5],"the":[6,71,97,101,122,126,151,161],"gap":[7],"between":[8],"pre-training":[9],"and":[10,55,73,87,114,134],"fine-tuning,":[11],"achieves":[12,155],"state-of-the-art":[13,156],"performance":[14,144],"on":[15,96,132],"several":[16],"NLP":[17],"tasks,":[18,138],"particularly":[19],"in":[20,145,150,160],"few-shot":[21,135],"settings.":[22],"Despite":[23],"being":[24],"widely":[25],"applied,":[26],"is":[29],"vulnerable":[30],"to":[31,39],"backdoor":[32,35,93,127,147,163],"attacks.":[33,148],"Textual":[34],"attacks":[36,94],"are":[37],"designed":[38],"introduce":[40],"targeted":[41],"vulnerabilities":[42],"into":[43],"models":[44],"by":[45],"poisoning":[46],"a":[47,85,105],"subset":[48],"of":[49,76,118,125],"training":[50],"samples":[51],"through":[52],"trigger":[53,72],"injection":[54],"label":[56],"modification.":[57],"However,":[58],"they":[59],"suffer":[60],"from":[61,70],"flaws":[62],"such":[63],"as":[64,104],"abnormal":[65],"natural":[66],"language":[67],"expressions":[68],"resulting":[69],"incorrect":[74],"labeling":[75,117],"poisoned":[77,119],"samples.":[78],"In":[79],"this":[80],"study,":[81],"we":[82,139],"propose":[83],"ProAttack,":[84],"novel":[86],"efficient":[88],"method":[89,108],"for":[90],"performing":[91],"clean-label":[92,162],"based":[95],"prompt,":[98],"uses":[100],"prompt":[102],"itself":[103],"trigger.":[106],"Our":[107],"does":[109],"not":[110],"require":[111],"external":[112,167],"triggers":[113],"ensures":[115],"correct":[116],"samples,":[120],"improving":[121],"stealthy":[123],"nature":[124],"attack.":[128],"With":[129],"extensive":[130],"experiments":[131],"rich-resource":[133,152],"text":[136],"classification":[137],"empirically":[140],"validate":[141],"ProAttack's":[142],"competitive":[143],"textual":[146],"Notably,":[149],"setting,":[153],"ProAttack":[154],"attack":[157,164],"success":[158],"rates":[159],"benchmark":[165],"without":[166],"triggers.":[168]},"counts_by_year":[{"year":2025,"cited_by_count":5},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":1}],"updated_date":"2026-04-21T08:09:41.155169","created_date":"2025-10-10T00:00:00"}