Prototype-Guided Robust Learning against Backdoor Attacks
By: Wei Guo, Maura Pintor, Ambra Demontis, and more
Potential Business Impact:
Stops poisoned training data from tricking smart computer programs.
Backdoor attacks poison the training data to embed a backdoor in the model, causing it to behave normally on legitimate inputs but maliciously when specific trigger signals appear. Training a benign model from a dataset poisoned by backdoor attacks is challenging: existing works rely on various assumptions and can only defend against backdoor attacks with specific trigger signals, high poisoning ratios, or when the defender possesses a large, untainted validation dataset. In this paper, we propose a defense called Prototype-Guided Robust Learning (PGRL) that overcomes all the aforementioned limitations and is robust against diverse backdoor attacks. Leveraging a tiny set of benign samples, PGRL generates prototype vectors that guide the training process. We compare PGRL with 8 existing defenses and show that it achieves superior robustness. We also demonstrate that PGRL generalizes well across various architectures, datasets, and advanced attacks. Finally, to evaluate PGRL in the worst-case scenario, we perform an adaptive attack in which the attacker has full knowledge of the defense.
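The abstract only outlines the mechanism, so the sketch below illustrates one plausible reading of prototype-guided training: class prototypes are taken to be normalized class-mean feature vectors computed from the tiny benign set, and a prototype-alignment term (with a hypothetical weight alpha) is added to the usual cross-entropy loss. The function names, the choice of cosine alignment, and the toy usage are assumptions for illustration, not the paper's actual implementation.

```python
# Hypothetical sketch of prototype-guided training; not the paper's exact method.
import torch
import torch.nn.functional as F

def compute_prototypes(features: torch.Tensor, labels: torch.Tensor,
                       num_classes: int) -> torch.Tensor:
    """Normalized class-mean prototypes from the tiny benign set.

    features: (n, d) penultimate-layer features of the benign samples (assumed).
    labels:   (n,) integer class labels.
    """
    dim = features.size(1)
    protos = torch.zeros(num_classes, dim)
    counts = torch.zeros(num_classes)
    protos.index_add_(0, labels, features)          # sum features per class
    counts.index_add_(0, labels, torch.ones(labels.size(0)))
    return F.normalize(protos / counts.clamp(min=1).unsqueeze(1), dim=1)

def prototype_guided_loss(logits: torch.Tensor, features: torch.Tensor,
                          targets: torch.Tensor, prototypes: torch.Tensor,
                          alpha: float = 1.0) -> torch.Tensor:
    """Cross-entropy plus a term pulling each feature toward its class prototype."""
    ce = F.cross_entropy(logits, targets)
    sim = F.cosine_similarity(F.normalize(features, dim=1),
                              prototypes[targets], dim=1)
    return ce + alpha * (1.0 - sim).mean()

# Toy usage with random tensors standing in for a real model's features/logits.
if __name__ == "__main__":
    benign_feats = torch.randn(50, 128)
    benign_labels = torch.randint(0, 10, (50,))
    protos = compute_prototypes(benign_feats, benign_labels, num_classes=10)
    logits = torch.randn(32, 10)
    feats = torch.randn(32, 128)
    y = torch.randint(0, 10, (32,))
    print(float(prototype_guided_loss(logits, feats, y, protos)))
```

Under this reading, samples whose features do not align with their label's prototype (e.g., poisoned samples relabeled to the attacker's target class) contribute a large alignment penalty, which is one way a small benign set could steer training away from the backdoor.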
Similar Papers
Prototype Guided Backdoor Defense
CV and Pattern Recognition
Stops bad data from tricking smart computer programs.
Variance-Based Defense Against Blended Backdoor Attacks
Machine Learning (CS)
Finds hidden tricks in AI training data.
BAPFL: Exploring Backdoor Attacks Against Prototype-based Federated Learning
Machine Learning (CS)
Makes AI models safer from sneaky attacks.