UNIT: Backdoor Mitigation via Automated Neural Distribution Tightening
Abstract
Deep neural networks (DNNs) have demonstrated effectiveness in various fields. However, DNNs are vulnerable to backdoor attacks, which inject a unique pattern, called a trigger, into the input to cause misclassification to an attack-chosen target label. While existing works have proposed various methods to mitigate backdoor effects in poisoned models, they tend to be less effective against recent advanced attacks. In this paper, we introduce UNIT, a novel post-training defense technique that can effectively eliminate backdoor effects for a variety of attacks. Specifically, UNIT approximates a unique and tight activation distribution for each neuron in the model. It then proactively dispels substantially large activation values that exceed the approximated boundaries. Our experimental results demonstrate that UNIT outperforms 7 popular defense methods against 14 existing backdoor attacks, including 2 advanced attacks, using only 5% of clean training data. UNIT is also cost-efficient. The code is accessible at https://github.com/Megum1/UNIT.
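The abstract describes the core mechanism only at a high level: estimate a tight activation bound for each neuron from a small clean set, then clamp activations that exceed that bound. The sketch below illustrates this idea in PyTorch; the class names, the quantile-based bound estimation, and the wrapper design are illustrative assumptions for exposition, not the paper's actual algorithm (UNIT tightens the per-neuron distributions automatically; see the repository for the authors' implementation).

```python
# Minimal sketch (not the authors' implementation): clamp each neuron's
# activation at an upper bound estimated from a small clean dataset.
import torch
import torch.nn as nn


class ActivationBoundClip(nn.Module):
    """Wraps a layer and clamps each neuron's output to a per-neuron upper
    bound, dispelling abnormally large (potentially backdoor-related)
    activations."""

    def __init__(self, layer: nn.Module, upper_bounds: torch.Tensor):
        super().__init__()
        self.layer = layer
        # One bound per output channel / neuron.
        self.register_buffer("upper_bounds", upper_bounds)

    def forward(self, x: torch.Tensor) -> torch.Tensor:
        a = self.layer(x)
        # Broadcast the per-neuron bounds over any spatial dimensions.
        bounds = self.upper_bounds.view(1, -1, *([1] * (a.dim() - 2)))
        return torch.minimum(a, bounds)


def estimate_bounds(layer: nn.Module, clean_loader, quantile: float = 0.99):
    """Estimate a tight per-neuron upper bound from clean activations.
    Here this is simply a high quantile of the clean activation values;
    the paper instead tightens the bounds automatically."""
    acts = []
    with torch.no_grad():
        for x, _ in clean_loader:
            a = layer(x)
            # Collapse batch and spatial dims, keep the neuron/channel dim.
            acts.append(a.transpose(0, 1).reshape(a.shape[1], -1))
    return torch.quantile(torch.cat(acts, dim=1), quantile, dim=1)
```

In use, one would replace a suspicious layer `m.features[k]` with `ActivationBoundClip(m.features[k], estimate_bounds(m.features[k], clean_loader))`, trading a small amount of clean accuracy for suppression of the outlier activations that carry the backdoor behavior.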
Cite
Text
Cheng et al. "UNIT: Backdoor Mitigation via Automated Neural Distribution Tightening." Proceedings of the European Conference on Computer Vision (ECCV), 2024. doi:10.1007/978-3-031-73033-7_15
Markdown
[Cheng et al. "UNIT: Backdoor Mitigation via Automated Neural Distribution Tightening." Proceedings of the European Conference on Computer Vision (ECCV), 2024.](https://mlanthology.org/eccv/2024/cheng2024eccv-unit/) doi:10.1007/978-3-031-73033-7_15
BibTeX
@inproceedings{cheng2024eccv-unit,
title = {{UNIT: Backdoor Mitigation via Automated Neural Distribution Tightening}},
author = {Cheng, Siyuan and Shen, Guangyu and Zhang, Kaiyuan and Tao, Guanhong and An, Shengwei and Guo, Hanxi and Ma, Shiqing and Zhang, Xiangyu},
booktitle = {Proceedings of the European Conference on Computer Vision (ECCV)},
year = {2024},
doi = {10.1007/978-3-031-73033-7_15},
url = {https://mlanthology.org/eccv/2024/cheng2024eccv-unit/}
}