Background/Motivation:
Backdoor attacks are attacks on neural networks where a so-called trigger alters the decision-making behaviour of the networks, thereby creating vulnerabilities. These triggers can be injected into the training dataset or directly into the model weights. These are then called poisoned. Due to parameter-efficient fine-tuning methods, backdoor attacks on large language models (LLMs) have become significantly more difficult to detect, as a poisoned parameter update is harder to recognise than a poisoned dataset. Therefore, several methods have been developed recently to detect poisoned model updates.


Objective: Due to the variety of backdoor attacks, methods often detect far fewer attacks than they claim, as they frequently make assumptions tha...