Go to ACL ARR 2025 May homepageBeDKD: Backdoor Defense based on Directional Mapping Module and Adversarial Knowledge Distillation
Abstract: Although existing backdoor defenses have gained success in mitigating backdoor attacks, they still face substantial challenges. In particular, most of them rely on large amounts of clean data to weaken the backdoor mapping but generally struggle with residual trigger effects, resulting in persistently high attack success rates (ASR). Therefore, in this paper, we propose a novel $\textbf{B}$ackdoor d$\textbf{e}$fense method based on $\textbf{D}$irectional mapping module and adversarial $\textbf{K}$nowledge $\textbf{D}$istillation (BeDKD), which balances the trade-off between defense effectiveness and model performance using a small amount of clean and poisoned data. We first introduce a directional mapping module to identify poisoned data, which destroys clean mapping while keeping backdoor mapping on a small set of flipped clean data. Then, the adversarial knowledge distillation is designed to reinforce clean mapping and suppress backdoor mapping through a cycle iteration mechanism between trust and punish distillations using clean and identified poisoned data. We conduct experiments to mitigate mainstream attacks on three datasets, and experimental results demonstrate that BeDKD surpasses the state-of-the-art defenses and reduces the ASR by 99% without significantly reducing the CACC.
Paper Type: Long
Research Area: NLP Applications
Research Area Keywords: security/privacy
Contribution Types: NLP engineering experiment
Languages Studied: English
Keywords: Backdoor Attack, Backdoor Defense, Knowledge Distillation
Submission Number: 1325
Loading