LeBD: A Run-time Defense Against Backdoor Attack in YOLO
Primary Area: representation learning for computer vision, audio, language, and other modalities
Code Of Ethics: I acknowledge that I and all co-authors of this work have read and commit to adhering to the ICLR Code of Ethics.
Keywords: backdoor detector, physical world, YOLO, LayerCAM, counterfactual attribution
Submission Guidelines: I certify that this submission complies with the submission instructions as described on https://iclr.cc/Conferences/2024/AuthorGuide.
Abstract: Backdoor attack poses a serious threat to deep neural networks (DNNs). An adversary can manipulate the prediction of a backdoored model by attaching a specific backdoor trigger to the input. However, existing defenses are mainly aimed at detecting backdoors in the digital world, which cannot meet the real-time requirement of application scenes in the physical world. We propose a LayerCAMenabled backdoor detector (LeBD) for monitoring backdoor attacks in the object detection (OD) network, YOLOv5. LeBD ultilizes LayerCAM to locate the trigger and give a risk warning at run-time. In order to further improve the precision of trigger localization, we propose a backdoor detector based on counterfactual attribution LayerCAM (CA-LeBD). We evaluated the performance of the backdoor detector on images in the digital world and video streams in the physical world. Extensive experiments demonstrate that LeBD and CA-LeBD can efficiently locate the trigger and mitigate the effect of backdoor in real time. In the physical world scene, the detection rate of backdoor can achieve over 90\%.
Anonymous Url: I certify that there is no URL (e.g., github page) that could be used to find authors' identity.
No Acknowledgement Section: I certify that there is no acknowledgement section in this submission for double blind review.
Supplementary Material: zip
Submission Number: 1696
Loading