Funding: Supported by the National Natural Science Foundation of China under Grant No. 62272007, the National Natural Science Foundation of China under Grant No. U1936119, and the Major Technology Program of Hainan, China (ZDKJ2019003).
Abstract: Deep learning models are well known to be susceptible to backdoor attacks, where the attacker only needs to provide a tampered dataset on which the triggers are injected. Models trained on the dataset will passively implant the backdoor, and triggers on the input can mislead the models during testing. Our study shows that the model shows different learning behaviors in clean and poisoned subsets during training. Based on this observation, we propose a general training pipeline to defend against backdoor attacks actively. Benign models can be trained from the unreliable dataset by decoupling the learning process into three stages, i.e., supervised learning, active unlearning, and active semi-supervised fine-tuning. The effectiveness of our approach has been shown in numerous experiments across various backdoor attacks and datasets.
Funding: This work was supported by the National Natural Science Foundation of China under Grant No. 62272007, the National Natural Science Foundation of China under Grant No. U1936119, and the Major Science and Technology Project of Hainan Province under Grant No. ZDKJ2019003.
Abstract: Recently, deep neural networks have been shown to be vulnerable to backdoor attacks. A backdoor is inserted into neural networks via this attack paradigm, thus compromising the integrity of the network. As soon as an attacker presents a trigger during the testing phase, the backdoor in the model is activated, allowing the network to make specific wrong predictions. It is extremely important to defend against backdoor attacks since they are very stealthy and dangerous. In this paper, we propose a novel defense mechanism, Neural Behavioral Alignment (NBA), for backdoor removal. NBA optimizes the distillation process in terms of knowledge form and distillation samples to improve defense performance according to the characteristics of backdoor defense. NBA builds high-level representations of neural behavior within networks in order to facilitate the transfer of knowledge. Additionally, NBA crafts pseudo samples to induce student models to exhibit backdoor neural behavior. By aligning the backdoor neural behavior from the student network with the benign neural behavior from the teacher network, NBA enables the proactive removal of backdoors. Extensive experiments show that NBA can effectively defend against six different backdoor attacks and outperform five state-of-the-art defenses.