Notice: The reproducibility variables underlying each score are classified using an automated LLM-based pipeline, validated against a manually labeled dataset. LLM-based classification introduces uncertainty; scores should be interpreted as estimates. Full accuracy metrics and methodology are described in [1]
CL-Attack: Textual Backdoor Attacks via Cross-Lingual Triggers
Authors: Jingyi Zheng, Tianyi Hu, Tianshuo Cong, Xinlei He
AAAI 2025 | Venue PDF | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Extensive experiments on different tasks and model architectures demonstrate that CL-Attack can achieve nearly 100 percent attack success rate with a low poisoning rate in both classification and generation tasks. |
| Researcher Affiliation | Academia | 1Hong Kong University of Science and Technology (Guangzhou) 2Univeristy of Copenhagen 3Tsinghua University EMAIL, EMAIL, EMAIL, EMAIL |
| Pseudocode | Yes | Algorithm 1: Generate Samples & Train Models |
| Open Source Code | Yes | Code and data are available at https://github.com/TenneyHu/CrossLingualAttack |
| Open Datasets | Yes | First, in consistent with previous studies (Qi et al. 2021a; Chen et al. 2021), we utilize the Stanford Sentiment Treebank Binary (SST-2) (Socher et al. 2013), an English-only text sentiment classification dataset. Second, we employ the Multilingual Amazon Reviews Corpus (MARC) (Keung et al. 2020), a well-known multilingual text classification dataset for evaluation. Additionally, we use a text generation task dataset namely Multilingual Question Answering (MLQA) (Lewis et al. 2019) to simulate the multi-lingual scenario. |
| Dataset Splits | No | To demonstrate the attack effectiveness when fine-tuning on a small-scale dataset, we only use 4,000 random samples in each dataset. The paper implies test sets are used by referring to "poisoned test set" and "unpoisoned dataset" for evaluation metrics, but it doesn't specify their sizes or how they were created. |
| Hardware Specification | No | No specific hardware details are provided in the paper for running experiments. The paper mentions evaluating LLMs like Llama-3-8B-Instruct, Qwen2-7B-Instruct, and Qwen2-1.5B-Instruct, but no hardware specifications for training or inference are given. |
| Software Dependencies | No | The paper mentions using GPT-4o for translation, GPT-2 model for PPL calculation, MPNet3 model for TS calculation, and OPUS-MT model for Translate Defense. However, it does not provide specific version numbers for these or any other software libraries or dependencies used in the experiments. |
| Experiment Setup | Yes | During the training process, we employ supervised fine-tuning on all parameters to fine-tune the model, the initial learning rate is 5e 5. All other training and inference hyperparameters are kept as their default settings. |