Reading notes about OpenBackdoor.

Abstract

This paper focus on textual backdoor attacks, which highlights two issues in privious backdoor learning evaluations:

  1. real-wolrd scenarios differs
  2. evaluation ignore that poisoned samples’ stealthy and semantic-preserving

Contribution:

  1. categorize existing scenarios
  2. new stealthy and semantic-preserving metrics