{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,28]],"date-time":"2025-03-28T03:21:21Z","timestamp":1743132081637,"version":"3.40.3"},"publisher-location":"Cham","reference-count":45,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031757563"},{"type":"electronic","value":"9783031757570"}],"license":[{"start":{"date-parts":[[2024,10,17]],"date-time":"2024-10-17T00:00:00Z","timestamp":1729123200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,10,17]],"date-time":"2024-10-17T00:00:00Z","timestamp":1729123200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-75757-0_7","type":"book-chapter","created":{"date-parts":[[2024,10,22]],"date-time":"2024-10-22T11:03:12Z","timestamp":1729594992000},"page":"127-144","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Risk of\u00a0Text Backdoor Attacks Under Dataset 
Distillation"],"prefix":"10.1007","author":[{"given":"Kejun","family":"Zhang","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0004-7571-606X","authenticated-orcid":false,"given":"Yutuo","family":"Song","sequence":"additional","affiliation":[]},{"given":"Shaofei","family":"Xu","sequence":"additional","affiliation":[]},{"given":"Pengcheng","family":"Li","sequence":"additional","affiliation":[]},{"given":"Rong","family":"Qian","sequence":"additional","affiliation":[]},{"given":"Pengzhi","family":"Han","sequence":"additional","affiliation":[]},{"given":"Lingyun","family":"Xu","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,10,17]]},"reference":[{"key":"7_CR1","unstructured":"Brown, T., et al.: Language models are few-shot learners. In: Advances in Neural Information Processing Systems, vol. 33, pp. 1877\u20131901 (2020)"},{"key":"7_CR2","doi-asserted-by":"crossref","unstructured":"Carlini, N., Chien, S., Nasr, M., Song, S., Terzis, A., Tramer, F.: Membership inference attacks from first principles. In: 2022 IEEE Symposium on Security and Privacy (SP), pp. 1897\u20131914. IEEE (2022)","DOI":"10.1109\/SP46214.2022.9833649"},{"key":"7_CR3","doi-asserted-by":"crossref","unstructured":"Chen, X., et al.: BadNL: backdoor attacks against NLP models with semantic-preserving improvements. In: Proceedings of the 37th Annual Computer Security Applications Conference, pp. 554\u2013569 (2021)","DOI":"10.1145\/3485832.3485837"},{"key":"7_CR4","unstructured":"Cui, G., Yuan, L., He, B., Chen, Y., Liu, Z., Sun, M.: A unified evaluation of textual backdoor learning: frameworks and benchmarks. In: Advances in Neural Information Processing Systems, vol. 35, pp. 
5009\u20135023 (2022)"},{"key":"7_CR5","doi-asserted-by":"publisher","first-page":"138872","DOI":"10.1109\/ACCESS.2019.2941376","volume":"7","author":"J Dai","year":"2019","unstructured":"Dai, J., Chen, C., Li, Y.: A backdoor attack against LSTM-based text classification systems. IEEE Access 7, 138872\u2013138878 (2019)","journal-title":"IEEE Access"},{"key":"7_CR6","doi-asserted-by":"crossref","unstructured":"Davidson, T., Warmsley, D., Macy, M., Weber, I.: Automated hate speech detection and the problem of offensive language. In: Proceedings of the International AAAI Conference on Web and Social Media, vol.\u00a011, pp. 512\u2013515 (2017)","DOI":"10.1609\/icwsm.v11i1.14955"},{"key":"7_CR7","unstructured":"Finn, C., Abbeel, P., Levine, S.: Model-agnostic meta-learning for fast adaptation of deep networks. In: International Conference on Machine Learning, pp. 1126\u20131135. PMLR (2017)"},{"issue":"4","key":"7_CR8","doi-asserted-by":"publisher","first-page":"2349","DOI":"10.1109\/TDSC.2021.3055844","volume":"19","author":"Y Gao","year":"2021","unstructured":"Gao, Y.: Design and evaluation of a multi-domain trojan detection method on deep neural networks. IEEE Trans. Dependable Secure Comput. 19(4), 2349\u20132364 (2021)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"issue":"6","key":"7_CR9","doi-asserted-by":"publisher","first-page":"1789","DOI":"10.1007\/s11263-021-01453-z","volume":"129","author":"J Gou","year":"2021","unstructured":"Gou, J., Yu, B., Maybank, S.J., Tao, D.: Knowledge distillation: a survey. Int. J. Comput. Vision 129(6), 1789\u20131819 (2021)","journal-title":"Int. J. Comput. Vision"},{"key":"7_CR10","unstructured":"Gu, T., Dolan-Gavitt, B., Garg, S.: Badnets: identifying vulnerabilities in the machine learning model supply chain. arXiv preprint arXiv:1708.06733 (2017)"},{"key":"7_CR11","unstructured":"Gupta, S., Huang, Y., Zhong, Z., Gao, T., Li, K., Chen, D.: Recovering private text in federated learning of language models. 
In: Advances in Neural Information Processing Systems, vol. 35, pp. 8130\u20138143 (2022)"},{"key":"7_CR12","unstructured":"Kenton, J.D.M.W.C., Toutanova, L.K.: Bert: pre-training of deep bidirectional transformers for language understanding. In: Proceedings of NAACL-HLT, pp. 4171\u20134186 (2019)"},{"key":"7_CR13","doi-asserted-by":"crossref","unstructured":"Krishna, K., Wieting, J., Iyyer, M.: Reformulating unsupervised style transfer as paraphrase generation. In: Proceedings of the 2020 Conference on Empirical Methods in Natural Language Processing (EMNLP), pp. 737\u2013762 (2020)","DOI":"10.18653\/v1\/2020.emnlp-main.55"},{"key":"7_CR14","doi-asserted-by":"crossref","unstructured":"Kurita, K., Michel, P., Neubig, G.: Weight poisoning attacks on pretrained models. In: Proceedings of the 58th Annual Meeting of the Association for Computational Linguistics, pp. 2793\u20132806 (2020)","DOI":"10.18653\/v1\/2020.acl-main.249"},{"key":"7_CR15","unstructured":"Li, G., Togo, R., Ogawa, T., Haseyama, M.: Dataset distillation for medical dataset sharing. arXiv preprint arXiv:2209.14603 (2022)"},{"key":"7_CR16","doi-asserted-by":"crossref","unstructured":"Li, L., Ma, R., Guo, Q., Xue, X., Qiu, X.: Bert-attack: adversarial attack against BERT using BERT. In: Proceedings of the 2020 Conference on Empirical Methods in Natural Language Processing (EMNLP), pp. 6193\u20136202 (2020)","DOI":"10.18653\/v1\/2020.emnlp-main.500"},{"key":"7_CR17","doi-asserted-by":"crossref","unstructured":"Li, S., et al.: Hidden backdoors in human-centric language models. In: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, pp. 3123\u20133140 (2021)","DOI":"10.1145\/3460120.3484576"},{"key":"7_CR18","unstructured":"Li, Y., Li, W.: Data distillation for text classification. 
arXiv preprint arXiv:2104.08448 (2021)"},{"issue":"18","key":"7_CR19","doi-asserted-by":"publisher","first-page":"3698","DOI":"10.3390\/app9183698","volume":"9","author":"S Liu","year":"2019","unstructured":"Liu, S., Zhang, X., Zhang, S., Wang, H., Zhang, W.: Neural machine reading comprehension: methods and trends. Appl. Sci. 9(18), 3698 (2019)","journal-title":"Appl. Sci."},{"key":"7_CR20","doi-asserted-by":"crossref","unstructured":"Liu, Y., Li, Z., Backes, M., Shen, Y., Zhang, Y.: Backdoor attacks against dataset distillation. arXiv preprint arXiv:2301.01197 (2023)","DOI":"10.14722\/ndss.2023.24287"},{"key":"7_CR21","unstructured":"Maclaurin, D., Duvenaud, D., Adams, R.: Gradient-based hyperparameter optimization through reversible learning. In: International Conference on Machine Learning, pp. 2113\u20132122. PMLR (2015)"},{"key":"7_CR22","doi-asserted-by":"crossref","unstructured":"Maekawa, A., Kobayashi, N., Funakoshi, K., Okumura, M.: Dataset distillation with attention labels for fine-tuning BERT. In: Proceedings of the 61st Annual Meeting of the Association for Computational Linguistics (Volume 2: Short Papers), pp. 119\u2013127 (2023)","DOI":"10.18653\/v1\/2023.acl-short.12"},{"key":"7_CR23","doi-asserted-by":"crossref","unstructured":"Morris, J., Lifland, E., Yoo, J.Y., Grigsby, J., Jin, D., Qi, Y.: Textattack: a framework for adversarial attacks, data augmentation, and adversarial training in NLP. In: Proceedings of the 2020 Conference on Empirical Methods in Natural Language Processing: System Demonstrations, pp. 119\u2013126 (2020)","DOI":"10.18653\/v1\/2020.emnlp-demos.16"},{"key":"7_CR24","unstructured":"Nichol, A., Achiam, J., Schulman, J.: On first-order meta-learning algorithms. arXiv preprint arXiv:1803.02999 (2018)"},{"key":"7_CR25","unstructured":"Pan, X., Zhang, M., Sheng, B., Zhu, J., Yang, M.: Hidden trigger backdoor attack on NLP models via linguistic style manipulation. 
In: 31st USENIX Security Symposium (USENIX Security 2022), pp. 3611\u20133628 (2022)"},{"key":"7_CR26","doi-asserted-by":"crossref","unstructured":"Pei, H., Jia, J., Guo, W., Li, B., Song, D.: Textguard: provable defense against backdoor attacks on text classification. arXiv preprint arXiv:2311.11225 (2023)","DOI":"10.14722\/ndss.2024.24090"},{"key":"7_CR27","doi-asserted-by":"publisher","first-page":"124990","DOI":"10.1109\/ACCESS.2022.3224788","volume":"10","author":"SN Prabhakar","year":"2022","unstructured":"Prabhakar, S.N., Deshwal, A., Mishra, R., Kim, H.: Distilnas: neural architecture search with distilled data. IEEE Access 10, 124990\u2013124998 (2022)","journal-title":"IEEE Access"},{"key":"7_CR28","doi-asserted-by":"crossref","unstructured":"Qi, F., Chen, Y., Zhang, X., Li, M., Liu, Z., Sun, M.: Mind the style of text! adversarial and backdoor attacks based on text style transfer. In: Proceedings of the 2021 Conference on Empirical Methods in Natural Language Processing, pp. 4569\u20134580 (2021)","DOI":"10.18653\/v1\/2021.emnlp-main.374"},{"key":"7_CR29","doi-asserted-by":"crossref","unstructured":"Qi, F., et al.: Hidden killer: invisible textual backdoor attacks with syntactic trigger. In: Proceedings of the 59th Annual Meeting of the Association for Computational Linguistics and the 11th International Joint Conference on Natural Language Processing (Volume 1: Long Papers), pp. 443\u2013453 (2021)","DOI":"10.18653\/v1\/2021.acl-long.37"},{"key":"7_CR30","doi-asserted-by":"crossref","unstructured":"Qi, F., Yao, Y., Xu, S., Liu, Z., Sun, M.: Turn the combination lock: learnable textual backdoor attacks via word substitution. In: Proceedings of the 59th Annual Meeting of the Association for Computational Linguistics and the 11th International Joint Conference on Natural Language Processing (Volume 1: Long Papers), pp. 
4873\u20134883 (2021)","DOI":"10.18653\/v1\/2021.acl-long.377"},{"key":"7_CR31","unstructured":"Radford, A., et al.: Language models are unsupervised multitask learners. In: OSDI 2004: Sixth Symposium on Operating System Design and Implementation, pp. 137\u2013150 (2004)"},{"key":"7_CR32","doi-asserted-by":"crossref","unstructured":"Salem, A., Zhang, Y., Humbert, M., Fritz, M., Backes, M.: ML-leaks: model and data independent membership inference attacks and defenses on machine learning models. In: Network and Distributed Systems Security Symposium 2019. Internet Society (2019)","DOI":"10.14722\/ndss.2019.23119"},{"key":"7_CR33","doi-asserted-by":"crossref","unstructured":"Sheng, X., Han, Z., Li, P., Chang, X.: A survey on backdoor attack and defense in natural language processing. In: 2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS), pp. 809\u2013820. IEEE (2022)","DOI":"10.1109\/QRS57517.2022.00086"},{"key":"7_CR34","doi-asserted-by":"crossref","unstructured":"Singh, S.P., Kumar, A., Darbari, H., Singh, L., Rastogi, A., Jain, S.: Machine translation using deep learning: an overview. In: 2017 International Conference on Computer, Communications and Electronics (Comptelix), pp. 162\u2013167. IEEE (2017)","DOI":"10.1109\/COMPTELIX.2017.8003957"},{"key":"7_CR35","doi-asserted-by":"crossref","unstructured":"Socher, R., et al.: Recursive deep models for semantic compositionality over a sentiment treebank. In: Proceedings of the 2013 Conference on Empirical Methods in Natural Language Processing, pp. 1631\u20131642 (2013)","DOI":"10.18653\/v1\/D13-1170"},{"key":"7_CR36","doi-asserted-by":"crossref","unstructured":"Sucholutsky, I., Schonlau, M.: Soft-label dataset distillation and text dataset distillation. In: 2021 International Joint Conference on Neural Networks (IJCNN), pp.\u00a01\u20138. 
IEEE (2021)","DOI":"10.1109\/IJCNN52387.2021.9533769"},{"key":"7_CR37","unstructured":"Tang, R.R., Yuan, J., Li, Y., Liu, Z., Chen, R., Hu, X.: Setting the trap: capturing and defeating backdoors in pretrained language models through honeypots. In: Advances in Neural Information Processing Systems, vol. 36, pp. 73191\u201373210 (2023)"},{"key":"7_CR38","unstructured":"Wang, T., Zhu, J.Y., Torralba, A., Efros, A.A.: Dataset distillation. arXiv preprint arXiv:1811.10959 (2018)"},{"key":"7_CR39","unstructured":"Wolf, T., et\u00a0al.: Transformers: state-of-the-art natural language processing. In: Proceedings of the 2020 Conference on Empirical Methods in Natural Language Processing: System Demonstrations, pp. 38\u201345 (2020)"},{"key":"7_CR40","unstructured":"Yang, A., et al.: Baichuan 2: open large-scale language models. arXiv preprint arXiv:2309.10305 (2023)"},{"key":"7_CR41","doi-asserted-by":"crossref","unstructured":"Yang, W., Lin, Y., Li, P., Zhou, J., Sun, X.: Rap: robustness-aware perturbations for defending against backdoor attacks on NLP models. In: Proceedings of the 2021 Conference on Empirical Methods in Natural Language Processing, pp. 8365\u20138381 (2021)","DOI":"10.18653\/v1\/2021.emnlp-main.659"},{"key":"7_CR42","doi-asserted-by":"crossref","unstructured":"Zhai, S., et al.: NCL: textual backdoor defense using noise-augmented contrastive learning. In: ICASSP 2023-2023 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), pp.\u00a01\u20135. IEEE (2023)","DOI":"10.1109\/ICASSP49357.2023.10094700"},{"key":"7_CR43","doi-asserted-by":"crossref","unstructured":"Zhang, X., Zhang, Z., Ji, S., Wang, T.: Trojaning language models for fun and profit. In: 2021 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 179\u2013197. IEEE (2021)","DOI":"10.1109\/EuroSP51992.2021.00022"},{"key":"7_CR44","unstructured":"Zhou, Y., Nezhadarya, E., Ba, J.: Dataset distillation using neural feature regression. 
In: Advances in Neural Information Processing Systems, vol. 35, pp. 9813\u20139827 (2022)"},{"issue":"1","key":"7_CR45","doi-asserted-by":"publisher","first-page":"325","DOI":"10.11591\/ijeecs.v19.i1.pp325-335","volume":"19","author":"M Zulqarnain","year":"2020","unstructured":"Zulqarnain, M., Ghazali, R., Hassim, Y.M.M., Rehan, M.: A comparative review on deep learning models for text classification. Indonesian J. Electr. Eng. Comput. Sci. 19(1), 325\u2013335 (2020)","journal-title":"Indonesian J. Electr. Eng. Comput. Sci."}],"container-title":["Lecture Notes in Computer Science","Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-75757-0_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,11,30]],"date-time":"2024-11-30T01:14:17Z","timestamp":1732929257000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-75757-0_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,10,17]]},"ISBN":["9783031757563","9783031757570"],"references-count":45,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-75757-0_7","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024,10,17]]},"assertion":[{"value":"17 October 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ISC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Arlington, VA","order":3,"name":"conference_city","label":"Conference 
City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 October 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26 October 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"isw2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/isc24.cs.gmu.edu\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}