Self-supervised learning backdoor defense mixed with self-attention mechanism
DOI: https://doi.org/10.54097/7hx9afkw

Keywords: Self-supervised, Self-attention, Backdoor defense

Abstract
Recent studies have shown that Deep Neural Networks (DNNs) are vulnerable to backdoor attacks, in which an attacker embeds a hidden backdoor into a model by poisoning a small number of training samples. An attacked model behaves normally on benign samples, but once the backdoor is activated its predictions are maliciously altered. To address the limited effectiveness and poor generality of existing backdoor defenses, this paper proposes a self-supervised learning defense that incorporates a self-attention mechanism. The method exploits the characteristics of backdoor attacks to mitigate their impact: it adopts a decoupling approach that severs the association between poisoned samples and the attacker's target labels, and strengthens the link between learned features and clean labels by optimizing the feature extractor. Experiments on the CIFAR-10 and CIFAR-100 datasets show that the method achieves middling Clean Accuracy (CA), ranking around the median of the compared defenses, but substantially reduces the Attack Success Rate (ASR). Against BadNets and Blended attacks in particular, its defense capability is notably superior to that of the other methods, keeping attack success rates below 2%.
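The abstract evaluates defenses by two standard metrics, Clean Accuracy (CA) and Attack Success Rate (ASR). As a minimal sketch (the function names and toy data below are illustrative, not from the paper), these metrics can be computed as follows, with ASR measured only over triggered samples whose true class differs from the attacker's target:

```python
import numpy as np

def clean_accuracy(preds, labels):
    """CA: fraction of benign samples classified correctly."""
    preds, labels = np.asarray(preds), np.asarray(labels)
    return float(np.mean(preds == labels))

def attack_success_rate(triggered_preds, target_label, true_labels):
    """ASR: fraction of triggered samples (excluding those whose true
    class is already the target) that the model misclassifies as the
    attacker's target label."""
    triggered_preds = np.asarray(triggered_preds)
    true_labels = np.asarray(true_labels)
    mask = true_labels != target_label  # ignore samples already in the target class
    return float(np.mean(triggered_preds[mask] == target_label))

# Toy usage: 3 of 4 benign samples correct; 2 of 3 eligible triggered
# samples flipped to the target class 7.
ca = clean_accuracy([0, 1, 2, 2], [0, 1, 2, 3])            # 0.75
asr = attack_success_rate([7, 7, 5, 7], 7, [1, 2, 3, 7])   # ≈ 0.667
```

A defense that "keeps attack success rates below 2%" would thus drive `asr` below 0.02 while leaving `ca` close to that of an undefended model.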
License
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.