{"id":19467625,"url":"https://github.com/thunlp/hiddenkiller","last_synced_at":"2025-04-25T11:31:42.085Z","repository":{"id":40988574,"uuid":"370041067","full_name":"thunlp/HiddenKiller","owner":"thunlp","description":"Code and data of the ACL-IJCNLP 2021 paper \"Hidden Killer: Invisible Textual Backdoor Attacks with Syntactic Trigger\"","archived":false,"fork":false,"pushed_at":"2022-09-11T07:00:55.000Z","size":21469,"stargazers_count":42,"open_issues_count":1,"forks_count":9,"subscribers_count":6,"default_branch":"main","last_synced_at":"2025-04-03T20:23:44.944Z","etag":null,"topics":["backdoor-attacks","nlp","nlproc"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/thunlp.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-05-23T12:00:19.000Z","updated_at":"2025-03-18T10:14:51.000Z","dependencies_parsed_at":"2023-01-18T03:30:39.477Z","dependency_job_id":null,"html_url":"https://github.com/thunlp/HiddenKiller","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thunlp%2FHiddenKiller","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thunlp%2FHiddenKiller/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thunlp%2FHiddenKiller/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thunlp%2FHiddenKiller/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/thunlp","download_url":"https://codeload.github.com/thunlp/HiddenKiller/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250808213,"owners_count":21490626,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["backdoor-attacks","nlp","nlproc"],"created_at":"2024-11-10T18:36:18.339Z","updated_at":"2025-04-25T11:31:37.047Z","avatar_url":"https://github.com/thunlp.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Hidden Killer\n\nThis is the official repository of the code and data of the ACL-IJCNLP 2021 paper **Hidden Killer: Invisible Textual Backdoor Attacks with Syntactic Trigger** [[pdf](https://arxiv.org/pdf/2105.12400)].\n\n\n\n## Generate Poison Data\n\nWe have already prepared clean data for you in ./data/clean, containing 3 datasets (SST-2, Offenseval, AG's News) and SCPN poison data with 20% poison rate. \n\n\n\nYou can generate your own poison data following below instructions. \n\n1.Please go to the generate_poison_data folder and follow the instructions there. We have provided two methods to generate syntactic poison data.\n\n2.After running generate_by_openattack.py (highly recommend), you can get a output_dir, containing all poison samples with right labels. Then, run generate_poison_train_data.py to get the poison training and evaluation data used in experiments:\n\n```bash\npython data/generate_poison_train_data.py  --target_label 1 --poison_rate 30 --clean_data_path ./clean/sst-2/. --poison_data_path ./output_dir  --output_data_path ./scpn/30/sst-2/ \n```\n\nHere,  --poison_data_path is the directory generated from the first step, containing poison samples in train/dev/test files.  --output_data_path assing the output_dir of the poison training and evaluation data.\n\n\n\nIf you want to use other datasets, just follow the file structures in ./data/clean/SST-2, and go over the above procedure. \n\n\n\n\n\n## Attacks without Defenses\n\n#### BERT\n\n- normal backdoor attack without fine-tune on clean data\n\n  ```shell\n  CUDA_VISIBLE_DEVICES=0 python experiments/run_poison_bert.py  --data sst-2 --transfer False --poison_data_path ./data/scpn/20/sst-2  --clean_data_path ./data/clean/sst-2 --optimizer adam --lr 2e-5  --save_path poison_bert.pkl\n  ```\n\n- bert-transfer: fine-tune on clean data\n\n  ```bash\n  CUDA_VISIBLE_DEVICES=0 python experiments/run_poison_bert.py  --data sst-2 --transfer True --transfer_epoch 3  --poison_data_path ./data/scpn/20/sst-2  --clean_data_path ./data/clean/sst-2 --optimizer adam --lr 2e-5 \n  ```\n\n\n\n#### LSTM\n\n```bash\nCUDA_VISIBLE_DEVICES=0 python experiments/run_poison_lstm.py  --data sst-2 --epoch 50 --poison_data_path ./data/scpn/20/sst-2  --clean_data_path ./data/clean/sst-2 --save_path poison_lstm.pkl\n```\n\n\n\nHere, --poison_data_path is the directory generated by running the generate_poison_train_data.py mentioned above.  You may want to modify the hyperparameters. Please check the run_poison_bert.py file to see these hyperparameters.\n\n\n\n\n\n\n\n## Attacks with the Defense of ONION\n\nHere, we first inject a backdoor into LSTM/BERT by running run_poison_bert.py or run_poison_lstm.py to get the backdoor model. Then we test whether [ONION](https://github.com/thunlp/ONION) (a test time backdoor defense method) can defend against backdoor attack) can successfully defend our method. \n\n#### BERT\n\n  ```bash\nCUDA_VISIBLE_DEVICES=0 python experiments/test_poison_processed_bert_search.py  --data sst-2 --model_path poison_bert.pkl  --poison_data_path ./data/scpn/20/sst-2/test.tsv  --clean_data_path ./data/clean/sst-2/dev.tsv\n  ```\n\n#### LSTM\n\n  ```bash\nCUDA_VISIBLE_DEVICES=0 python experiments/test_poison_processed_lstm_search.py --data sst-2 --model_path poison_lstm.pkl  --poison_data_path ./data/scpn/20/sst-2/test.tsv  --clean_data_path ./data/clean/sst-2/dev.tsv  --vocab_data_path ./data/scpn/20/sst-2/train.tsv\n  ```\n\nHere, --model_path is the --save_path in run_poison_bert.py or run_poison_lstm.py to assign the path to saved backdoor model. \n\n\n\n\n\n## Citation\n\nPlease kindly cite our paper:\n\n```\n@article{qi2021hidden,\n  title={Hidden Killer: Invisible Textual Backdoor Attacks with Syntactic Trigger},\n  author={Qi, Fanchao and Li, Mukai and Chen, Yangyi and Zhang, Zhengyan and Liu, Zhiyuan and Wang, Yasheng and Sun, Maosong},\n  journal={arXiv preprint arXiv:2105.12400},\n  year={2021}\n}\n```\n\n\n\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthunlp%2Fhiddenkiller","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fthunlp%2Fhiddenkiller","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthunlp%2Fhiddenkiller/lists"}