Go to DBLP homepageS-Teapot: Swift and Efficient Defense Against Patch-Based Backdoor Attack
Abstract: Recent studies emphasize the serious threat posed by backdoor attacks when training deep models on data from untrustworthy sources. Despite the emergence of various backdoor attack paradigms, the patch-based approach stands out as the most sought-after and effective method of poisoning. However, current defenses against such attacks often exhibit rudimentary and highly inefficient, sometimes necessitating days for implementation. To mitigate this, we propose a swift and efficient defense against patch-based backdoor attacks, called S-teapot. S-teapot rapidly identifies whether an untrusted dataset has been backdoored and determines the backdoored labels based on the model's high confidence in the poisoning sample and the consistency of the backdoor pixels. S-teapot outperforms existing backdoor attack detection schemes by a speedup factor ranging from 30 to 259. Furthermore, we leverage the abnormality of the backdoor pixels to reverse the backdoor trigger, resulting in a similarity increase of 0.6 to 32 times compared to existing methods. To obtain a clean model, S-teapot accurately localizes poisoning samples through similarity calculations, with nearly 100% precision. Leveraging the precision of the reverse triggers, S-teapot employs an inpaint method to convert the poisoning samples into clean ones, yielding up to 8.16% improvement in accuracy.
External IDs:dblp:journals/tdsc/YangMLLLM25
Loading