Defending Against Patch-based Backdoor Attacks on Self-Supervised Learning

Cited by: 5
Authors
Tejankar, Ajinkya [1]
Sanjabi, Maziar [2]
Wang, Qifan [2]
Wang, Sinong [2]
Firooz, Hamed [2]
Pirsiavash, Hamed [1]
Tan, Liang [2]
Affiliations
[1] Univ Calif Davis, Davis, CA 95616 USA
[2] Meta AI, Delaware, OH USA
Keywords
DOI
10.1109/CVPR52729.2023.01178
Chinese Library Classification (CLC) number
TP18 [Artificial intelligence theory];
Discipline classification code
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
Recently, self-supervised learning (SSL) was shown to be vulnerable to patch-based data poisoning backdoor attacks. It was shown that an adversary can poison a small part of the unlabeled data so that when a victim trains an SSL model on it, the final model will have a backdoor that the adversary can exploit. This work aims to defend self-supervised learning against such attacks. We use a three-step defense pipeline, where we first train a model on the poisoned data. In the second step, our proposed defense algorithm (PatchSearch) uses the trained model to search the training data for poisoned samples and removes them from the training set. In the third step, a final model is trained on the cleaned-up training set. Our results show that PatchSearch is an effective defense. As an example, it improves a model's accuracy on images containing the trigger from 38.2% to 63.7% which is very close to the clean model's accuracy, 64.6%. Moreover, we show that PatchSearch outperforms baselines and state-of-the-art defense approaches including those using additional clean, trusted data. Our code is available at https://github.com/UCDvision/PatchSearch
Pages: 12239 / 12249
Number of pages: 11