IBD-PSC: Input-level Backdoor Detection via Parameter-oriented Scaling Consistency
Reviewed by Pith T0 review T1 audit T2 compute T3 formal T4 kernel pith:42MO2BR4record.jsonopen to challenge →
read the original abstract
Deep neural networks (DNNs) are vulnerable to backdoor attacks, where adversaries can maliciously trigger model misclassifications by implanting a hidden backdoor during model training. This paper proposes a simple yet effective input-level backdoor detection (dubbed IBD-PSC) as a `firewall' to filter out malicious testing images. Our method is motivated by an intriguing phenomenon, i.e., parameter-oriented scaling consistency (PSC), where the prediction confidences of poisoned samples are significantly more consistent than those of benign ones when amplifying model parameters. In particular, we provide theoretical analysis to safeguard the foundations of the PSC phenomenon. We also design an adaptive method to select BN layers to scale up for effective detection. Extensive experiments are conducted on benchmark datasets, verifying the effectiveness and efficiency of our IBD-PSC method and its resistance to adaptive attacks. Codes are available at \href{https://github.com/THUYimingLi/BackdoorBox}{BackdoorBox}.
This paper has not been read by Pith yet.
Forward citations
Cited by 1 Pith paper
-
Toward a Generalized Defense Across Sparse, Continuous, and Structured Parameter Attacks
ParDef defends DNNs against sparse, continuous, and structured parameter attacks via keyed reparameterization, error-correcting quantization, and robust inference, with evaluations on CIFAR and Tiny-ImageNet showing r...
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.