Despite the notable success of language models (LMs) in various natural language processing (NLP) tasks, the reliability of LMs is susceptible to backdoor attacks. Prior research attempts to mitigate backdoor learning while training the LMs on the poisoned dataset, yet struggles against complex backdoor attacks in real-world scenarios. In this paper, we investigate the learning mechanisms of backdoor LMs in the frequency space by Fourier analysis. Our findings indicate that the backdoor mapping presented on the poisoned datasets exhibits a more discernible inclination towards lower frequency compared to clean mapping, resulting in the faster convergence of backdoor mapping. To alleviate this dilemma, we propose Multi-Scale Low-Rank Adaptation (MuScleLoRA), which deploys multiple radial scalings in the frequency space with low-rank adaptation to the target model and further aligns the gradients when updating parameters. Through downscaling in the frequency space, MuScleLoRA encourages the model to prioritize the learning of relatively high-frequency clean mapping, consequently mitigating backdoor learning. Experimental results demonstrate that MuScleLoRA outperforms baselines significantly. Notably, MuScleLoRA reduces the average success rate of diverse backdoor attacks to below 15% across multiple datasets and generalizes to various backbone LMs, including BERT, RoBERTa, and Llama2. The code is available at https://github.com/ZrW00/MuScleLoRA.