Mitigating backdoor attacks in LSTM-based text classification systems by Backdoor Keyword Identification

It has been proved that deep neural networks are facing a new threat called backdoor attacks, where the adversary can inject backdoors into network model through poisoning training dataset. When input containing some special pattern trigger, with will carry out malicious task such as misclassification specified by adversaries. In text classification systems, inserted in models cause spam or speech to escape detection. Previous work mainly focused on defense of attacks computer vision, little attention paid method for RNN regarding classification. this paper, analyzing changes inner LSTM neurons, we proposed Backdoor Keyword Identification (BKI) mitigate which performs against LSTM-based data poisoning. This identify and exclude samples crafted insert from without verified trusted We evaluate our four different datset: IMDB, DBpedia ontology, 20 newsgroups Reuters-21578 all achieves good performance regardless trigger sentences.