Go to ACL ARR 2025 February homepageRobust Gradient Ascent for Backdoor Unlearning
Abstract: Backdoor attacks pose a significant threat to machine learning models, allowing adversaries to implant hidden triggers that alter model behavior when activated. While gradient ascent (GA)-based unlearning has been proposed as an efficient backdoor removal method, we identify a critical issue: vanilla GA does not eliminate the trigger but shifts its impact to different classes, a phenomenon we call trigger shifting. To address this, we propose Robust Gradient Ascent (RGA), which introduces a dynamic penalty mechanism to regulate GA's strength and prevent excessive unlearning. Our experiments show that RGA effectively removes backdoors while preserving model utility, offering a more reliable defense against backdoor attacks.
Paper Type: Long
Research Area: Language Modeling
Research Area Keywords: security and privacy, robustness
Contribution Types: Model analysis & interpretability
Languages Studied: English
Submission Number: 2514
Loading