Machine learning has progressed significantly in various applications ranging from face recognition to text generation. However, its success has been accompanied by different attacks. Recently, a new attack, the model hijacking attack, has been proposed, which raises both accountability and parasitic computing risks. However, this attack has so far focused only on image classification tasks. In this work, we broaden the scope of this attack to include text generation and classification models, hence showing its broader applicability. More concretely, we propose a new model hijacking attack, Ditto, that can hijack different text classification tasks into multiple generation ones, e.g., language translation, text summarization, and language modeling. We use a range of text benchmark datasets such as SST-2, TweetEval, AGnews, QNLI, and IMDB to evaluate the performance of our attacks. Our results show that by using Ditto, an adversary can successfully hijack text generation models without jeopardizing their utility.