Poisoning-based backdoor attacks are a serious threat when training deep models on data from untrustworthy sources. Given a backdoored model, we observe that the feature representations of poisoned samples with triggers are more sensitive to transformations than those of clean samples. This inspires us to design a simple sensitivity metric, called feature consistency towards transformations (FCT), to distinguish poisoned samples from clean samples in an untrustworthy training set. Moreover, we propose two effective backdoor defense methods. Built upon a sample-distinguishment module utilizing the FCT metric, the first method trains a secure model from scratch using a two-stage secure training module. The second method removes the backdoor from a backdoored model with a backdoor removal module, which alternately unlearns the distinguished poisoned samples and relearns the distinguished clean samples. Extensive results on three benchmark datasets demonstrate superior defense performance against eight types of backdoor attacks, compared to state-of-the-art backdoor defenses. Code is available at: https://github.com/SCLBD/Effectivebackdoordefense.
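The core idea of the FCT metric, as described in the abstract, is to compare a sample's feature representation before and after a transformation. A minimal sketch of that comparison is below; the function names, the choice of L2 distance, and the threshold-based split are illustrative assumptions, not the paper's exact implementation:

```python
import numpy as np

def fct(feature_fn, transform, x):
    # FCT score: distance between the features of a sample and the
    # features of its transformed version. Per the paper's observation,
    # poisoned samples tend to be more sensitive, i.e. score higher.
    # (L2 distance is an illustrative choice here.)
    f_orig = feature_fn(x)
    f_trans = feature_fn(transform(x))
    return float(np.linalg.norm(f_orig - f_trans))

def split_by_fct(feature_fn, transform, samples, threshold):
    # Hypothetical sample-distinguishment step: flag samples whose
    # FCT score exceeds a threshold as suspected-poisoned; the rest
    # are treated as suspected-clean.
    scores = [fct(feature_fn, transform, x) for x in samples]
    suspected_poisoned = [i for i, s in enumerate(scores) if s > threshold]
    suspected_clean = [i for i, s in enumerate(scores) if s <= threshold]
    return suspected_poisoned, suspected_clean
```

In practice `feature_fn` would be the backdoored model's feature extractor and `transform` a data augmentation (e.g., rotation or flipping); the two partitions then feed the secure-training or unlearn/relearn modules described above.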
Author Information
Weixin Chen (Tsinghua University)
Baoyuan Wu (The Chinese University of Hong Kong, Shenzhen)
Haoqian Wang (Tsinghua Shenzhen International Graduate School)
Related Events (a corresponding poster, oral, or spotlight)
- 2022 Poster: Effective Backdoor Defense by Exploiting Sensitivity of Poisoned Samples »
More from the Same Authors
- 2022 Poster: BackdoorBench: A Comprehensive Benchmark of Backdoor Learning »
  Baoyuan Wu · Hongrui Chen · Mingda Zhang · Zihao Zhu · Shaokui Wei · Danni Yuan · Chao Shen
- 2022 Spotlight: BackdoorBench: A Comprehensive Benchmark of Backdoor Learning »
  Baoyuan Wu · Hongrui Chen · Mingda Zhang · Zihao Zhu · Shaokui Wei · Danni Yuan · Chao Shen
- 2022 Spotlight: Lightning Talks 5B-4 »
  Yuezhi Yang · Zeyu Yang · Yong Lin · Yishi Xu · Linan Yue · Tao Yang · Weixin Chen · Qi Liu · Jiaqi Chen · Dongsheng Wang · Baoyuan Wu · Yuwang Wang · Hao Pan · Shengyu Zhu · Zhenwei Miao · Yan Lu · Lu Tan · Bo Chen · Yichao Du · Haoqian Wang · Wei Li · Yanqing An · Ruiying Lu · Peng Cui · Nanning Zheng · Li Wang · Zhibin Duan · Xiatian Zhu · Mingyuan Zhou · Enhong Chen · Li Zhang
- 2022 Poster: Boosting the Transferability of Adversarial Attacks with Reverse Adversarial Perturbation »
  Zeyu Qin · Yanbo Fan · Yi Liu · Li Shen · Yong Zhang · Jue Wang · Baoyuan Wu
- 2022 Poster: Degradation-Aware Unfolding Half-Shuffle Transformer for Spectral Compressive Imaging »
  Yuanhao Cai · Jing Lin · Haoqian Wang · Xin Yuan · Henghui Ding · Yulun Zhang · Radu Timofte · Luc V Gool
- 2021 Poster: Learning to Generate Realistic Noisy Images via Pixel-level Noise-aware Adversarial Training »
  Yuanhao Cai · Xiaowan Hu · Haoqian Wang · Yulun Zhang · Hanspeter Pfister · Donglai Wei