{"id":"https://openalex.org/W4416018113","doi":"https://doi.org/10.1145/3746252.3761408","title":"Backdoor in Seconds: Unlocking Vulnerabilities in Large Pre-trained Models via Model Editing","display_name":"Backdoor in Seconds: Unlocking Vulnerabilities in Large Pre-trained Models via Model Editing","publication_year":2025,"publication_date":"2025-11-08","ids":{"openalex":"https://openalex.org/W4416018113","doi":"https://doi.org/10.1145/3746252.3761408","pmid":"https://pubmed.ncbi.nlm.nih.gov/41403758"},"language":"en","primary_location":{"id":"doi:10.1145/3746252.3761408","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3746252.3761408","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 34th ACM International Conference on Information and Knowledge Management","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref","pubmed"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3746252.3761408","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5103271367","display_name":"Dongliang Guo","orcid":"https://orcid.org/0000-0003-2856-4011"},"institutions":[{"id":"https://openalex.org/I51556381","display_name":"University of Virginia","ror":"https://ror.org/0153tk833","country_code":"US","type":"education","lineage":["https://openalex.org/I51556381"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Dongliang Guo","raw_affiliation_strings":["University of Virginia, Charlottesville, VA, USA"],"affiliations":[{"raw_affiliation_string":"University of Virginia, Charlottesville, VA, USA","institution_ids":["https://openalex.org/I51556381"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5033865274","display_name":"Mengxuan Hu","orcid":"https://orcid.org/0000-0002-8822-2884"},"institutions":[{"id":"https://openalex.org/I51556381","display_name":"University of Virginia","ror":"https://ror.org/0153tk833","country_code":"US","type":"education","lineage":["https://openalex.org/I51556381"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Mengxuan Hu","raw_affiliation_strings":["University of Virginia, Charlottesville, VA, USA"],"affiliations":[{"raw_affiliation_string":"University of Virginia, Charlottesville, VA, USA","institution_ids":["https://openalex.org/I51556381"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5067459053","display_name":"Zihan Guan","orcid":"https://orcid.org/0000-0002-0331-3403"},"institutions":[{"id":"https://openalex.org/I51556381","display_name":"University of Virginia","ror":"https://ror.org/0153tk833","country_code":"US","type":"education","lineage":["https://openalex.org/I51556381"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Zihan Guan","raw_affiliation_strings":["University of Virginia, Charlottesville, VA, USA"],"affiliations":[{"raw_affiliation_string":"University of Virginia, Charlottesville, VA, USA","institution_ids":["https://openalex.org/I51556381"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101476865","display_name":"Junfeng Guo","orcid":"https://orcid.org/0009-0001-0419-4442"},"institutions":[{"id":"https://openalex.org/I66946132","display_name":"University of Maryland, College Park","ror":"https://ror.org/047s2c258","country_code":"US","type":"education","lineage":["https://openalex.org/I66946132"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Junfeng Guo","raw_affiliation_strings":["University of Maryland, College Park, MD, USA"],"affiliations":[{"raw_affiliation_string":"University of Maryland, College Park, MD, USA","institution_ids":["https://openalex.org/I66946132"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5075881948","display_name":"Thomas Hartvigsen","orcid":"https://orcid.org/0000-0002-5288-2792"},"institutions":[{"id":"https://openalex.org/I51556381","display_name":"University of Virginia","ror":"https://ror.org/0153tk833","country_code":"US","type":"education","lineage":["https://openalex.org/I51556381"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Thomas Hartvigsen","raw_affiliation_strings":["University of Virginia, Charlottesville, USA"],"affiliations":[{"raw_affiliation_string":"University of Virginia, Charlottesville, USA","institution_ids":["https://openalex.org/I51556381"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100359839","display_name":"Sheng Li","orcid":"https://orcid.org/0000-0003-1205-8632"},"institutions":[{"id":"https://openalex.org/I51556381","display_name":"University of Virginia","ror":"https://ror.org/0153tk833","country_code":"US","type":"education","lineage":["https://openalex.org/I51556381"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Sheng Li","raw_affiliation_strings":["University of Virginia, Charlottesville, VA, USA"],"affiliations":[{"raw_affiliation_string":"University of Virginia, Charlottesville, VA, USA","institution_ids":["https://openalex.org/I51556381"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5103271367"],"corresponding_institution_ids":["https://openalex.org/I51556381"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.17228457,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"2025","issue":null,"first_page":"750","last_page":"760"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9905999898910522,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9905999898910522,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12026","display_name":"Explainable Artificial Intelligence (XAI)","score":0.0012000000569969416,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10883","display_name":"Ethics and Social Impacts of AI","score":0.0010000000474974513,"subfield":{"id":"https://openalex.org/subfields/3311","display_name":"Safety Research"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/backdoor","display_name":"Backdoor","score":0.9976999759674072},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.5849999785423279},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.4537000060081482},{"id":"https://openalex.org/keywords/image","display_name":"Image (mathematics)","score":0.4287000000476837},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.3950999975204468},{"id":"https://openalex.org/keywords/range","display_name":"Range (aeronautics)","score":0.37059998512268066},{"id":"https://openalex.org/keywords/safer","display_name":"SAFER","score":0.3427000045776367}],"concepts":[{"id":"https://openalex.org/C2781045450","wikidata":"https://www.wikidata.org/wiki/Q254569","display_name":"Backdoor","level":2,"score":0.9976999759674072},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7150999903678894},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.5849999785423279},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5194000005722046},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4562000036239624},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.4537000060081482},{"id":"https://openalex.org/C115961682","wikidata":"https://www.wikidata.org/wiki/Q860623","display_name":"Image (mathematics)","level":2,"score":0.4287000000476837},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.3950999975204468},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.3714999854564667},{"id":"https://openalex.org/C204323151","wikidata":"https://www.wikidata.org/wiki/Q905424","display_name":"Range (aeronautics)","level":2,"score":0.37059998512268066},{"id":"https://openalex.org/C2776654903","wikidata":"https://www.wikidata.org/wiki/Q2601463","display_name":"SAFER","level":2,"score":0.3427000045776367},{"id":"https://openalex.org/C2777211547","wikidata":"https://www.wikidata.org/wiki/Q17141490","display_name":"Training (meteorology)","level":2,"score":0.32109999656677246},{"id":"https://openalex.org/C2776674983","wikidata":"https://www.wikidata.org/wiki/Q545981","display_name":"Image editing","level":3,"score":0.3160000145435333},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.30410000681877136},{"id":"https://openalex.org/C41608201","wikidata":"https://www.wikidata.org/wiki/Q980509","display_name":"Embedding","level":2,"score":0.30219998955726624},{"id":"https://openalex.org/C51632099","wikidata":"https://www.wikidata.org/wiki/Q3985153","display_name":"Training set","level":2,"score":0.28850001096725464},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.26249998807907104}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/3746252.3761408","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3746252.3761408","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 34th ACM International Conference on Information and Knowledge Management","raw_type":"proceedings-article"},{"id":"pmid:41403758","is_oa":false,"landing_page_url":"https://pubmed.ncbi.nlm.nih.gov/41403758","pdf_url":null,"source":{"id":"https://openalex.org/S4306525036","display_name":"PubMed","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1299303238","host_organization_name":"National Institutes of Health","host_organization_lineage":["https://openalex.org/I1299303238"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ... ACM International Conference on Information & Knowledge Management. ACM International Conference on Information and Knowledge Management","raw_type":null},{"id":"pmh:oai:pubmedcentral.nih.gov:12703712","is_oa":true,"landing_page_url":"https://pmc.ncbi.nlm.nih.gov/articles/PMC12703712/","pdf_url":null,"source":{"id":"https://openalex.org/S2764455111","display_name":"PubMed Central","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1299303238","host_organization_name":"National Institutes of Health","host_organization_lineage":["https://openalex.org/I1299303238"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Proc ACM Int Conf Inf Knowl Manag","raw_type":"Text"}],"best_oa_location":{"id":"doi:10.1145/3746252.3761408","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3746252.3761408","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 34th ACM International Conference on Information and Knowledge Management","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1565058763","display_name":null,"funder_award_id":"R01EB293388","funder_id":"https://openalex.org/F4320332161","funder_display_name":"National Institutes of Health"},{"id":"https://openalex.org/G6544927854","display_name":null,"funder_award_id":"IIS-2316306,CNS-2330215","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320332161","display_name":"National Institutes of Health","ror":"https://ror.org/01cwqze88"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":34,"referenced_works":["https://openalex.org/W2108598243","https://openalex.org/W2194775991","https://openalex.org/W2753783305","https://openalex.org/W2807363941","https://openalex.org/W2963037989","https://openalex.org/W2985913519","https://openalex.org/W2990270730","https://openalex.org/W3039176595","https://openalex.org/W3081178496","https://openalex.org/W3175215793","https://openalex.org/W3189812816","https://openalex.org/W4206118214","https://openalex.org/W4214564822","https://openalex.org/W4283819124","https://openalex.org/W4298140072","https://openalex.org/W4304091855","https://openalex.org/W4312233756","https://openalex.org/W4312933868","https://openalex.org/W4313175608","https://openalex.org/W4317927978","https://openalex.org/W4319793479","https://openalex.org/W4386065412","https://openalex.org/W4386065554","https://openalex.org/W4386066003","https://openalex.org/W4386072220","https://openalex.org/W4386075825","https://openalex.org/W4386790226","https://openalex.org/W4387841611","https://openalex.org/W4390889814","https://openalex.org/W4393161689","https://openalex.org/W4394717476","https://openalex.org/W4394779996","https://openalex.org/W4402753692","https://openalex.org/W4405181110"],"related_works":[],"abstract_inverted_index":{"Large":[0],"pre-trained":[1,48,64,82,95,141,176,205],"models":[2,33,65,83,206],"have":[3],"achieved":[4],"notable":[5],"success":[6],"across":[7,203],"a":[8,18],"range":[9],"of":[10,20,30,46,63,67,92,139,174,182,230],"downstream":[11,217],"tasks.":[12],"However,":[13],"recent":[14],"research":[15],"shows":[16],"that":[17],"type":[19],"adversarial":[21],"attack":[22,79,135,158],"(<i>i.e.,</i>":[23],"backdoor":[24,78,134,157,173],"attack)":[25],"can":[26],"manipulate":[27,101],"the":[28,43,57,74,88,98,110,137,172,180,183,187,192,197,228],"behavior":[29],"machine":[31],"learning":[32],"through":[34],"contaminating":[35],"their":[36],"training":[37,106,116,193,196],"dataset,":[38],"posing":[39],"significant":[40],"threat":[41],"in":[42,80,136],"real-world":[44],"application":[45],"large":[47,81,94,105,140,175],"model,":[49,152],"especially":[50],"for":[51,60,76,115,129],"those":[52],"customized":[53],"models.":[54,120,142],"Therefore,":[55],"addressing":[56],"unique":[58,90],"challenges":[59,91],"exploring":[61],"vulnerability":[62],"is":[66,235],"paramount":[68],"importance.":[69],"Through":[70],"empirical":[71],"studies":[72],"on":[73,216],"capability":[75],"performing":[77],"(<i>e.g.,</i>":[84],"ViT),":[85],"we":[86,125,148],"find":[87],"following":[89],"attacking":[93],"models:":[96],"1)":[97],"inability":[99],"to":[100],"or":[102,117,195],"even":[103],"access":[104],"datasets,":[107],"and":[108,132,212,215,224],"2)":[109],"substantial":[111],"computational":[112],"resources":[113],"required":[114],"fine-tuning":[118],"these":[119,123,146],"To":[121],"address":[122],"challenges,":[124],"establish":[126],"new":[127],"standards":[128],"an":[130,153,167],"effective":[131],"feasible":[133],"context":[138],"In":[143],"line":[144],"with":[145,186],"standards,":[147],"introduce":[149],"our":[150,231],"EDT":[151,165],"<b>E</b>fficient,":[154],"<b>D</b>ata-free,":[155],"<b>T</b>raining-free":[156],"method.":[159,232],"Inspired":[160],"by":[161],"model":[162],"editing":[163],"techniques,":[164],"injects":[166],"editing-based":[168],"lightweight":[169],"codebook":[170],"into":[171],"models,":[177],"which":[178],"replaces":[179],"embedding":[181],"poisoned":[184],"image":[185,189,220,222,225],"target":[188],"without":[190],"poisoning":[191],"dataset":[194],"victim":[198],"model.":[199],"Our":[200,233],"experiments,":[201],"conducted":[202],"various":[204],"such":[207],"as":[208],"ViT,":[209],"CLIP,":[210],"BLIP,":[211],"stable":[213],"diffusion,":[214],"tasks":[218],"including":[219],"classification,":[221],"captioning,":[223],"generation,":[226],"demonstrate":[227],"effectiveness":[229],"code":[234],"available":[236],"at":[237],"https://github.com/donglgcn/Editing/.":[238]},"counts_by_year":[],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2025-11-08T00:00:00"}