Backdoor Token Unlearning: Exposing and Defending Backdoors in Pretrained Language Models
DOI:
https://doi.org/10.1609/aaai.v39i23.34605Abstract
Supervised fine-tuning has become the predominant method for adapting large pretrained models to downstream tasks. However, recent studies have revealed that these models are vulnerable to backdoor attacks, where even a small number of malicious samples can successfully embed backdoor triggers into the model. While most existing defense methods focus on post-training backdoor defense, efficiently defending against backdoor attacks during training phase remains largely unexplored. To address this gap, we propose a novel defense method called Backdoor Token Unlearning (BTU), which proactively detects and neutralizes trigger tokens during the training stage. Our work is based on two key findings: 1) backdoor learning causes distinctive differences between backdoor token parameters and clean token parameters in word embedding layers, and 2) the success of backdoor attacks heavily depends on backdoor token parameters. The BTU defense leverages these properties to identify aberrant embedding parameters and subsequently removes backdoor behaviors using a fine-grained unlearning technique. Extensive evaluations across three datasets and four types of backdoor attacks demonstrate that BTU effectively defends against these threats while preserving the model’s performance on primary tasks.
Downloads
Published
2025-04-11
How to Cite
Jiang, P., Lyu, X., Li, Y., & Ma, J. (2025). Backdoor Token Unlearning: Exposing and Defending Backdoors in Pretrained Language Models. Proceedings of the AAAI Conference on Artificial Intelligence, 39(23), 24285–24293. https://doi.org/10.1609/aaai.v39i23.34605
Issue
Section
AAAI Technical Track on Natural Language Processing II
