Revolutionized by the transformer architecture, natural language processing (NLP) has received unprecedented attention. While advancements in NLP models have led to extensive research into their backdoor vulnerabilities, the potential for these advancements to introduce new backdoor threats remains unexplored. This paper proposes Imperio, which harnesses the language understanding capabilities of NLP models to enrich backdoor attacks. Imperio provides a new model control experience. It empowers the adversary to control the victim model with arbitrary output through language-guided instructions. This is achieved using a language model to fuel a conditional trigger generator, with optimizations designed to extend its language understanding capabilities to backdoor instruction interpretation and execution. Our experiments across three datasets, five attacks, and nine defenses confirm Imperio's effectiveness. It can produce contextually adaptive triggers from text descriptions and control the victim model with desired outputs, even in scenarios not encountered during training. The attack maintains a high success rate across complex datasets without compromising the accuracy of clean inputs and also exhibits resilience against representative defenses. The source code is available at \url{https://khchow.com/Imperio}.