DFaP: Data Filtering and Purification Against Backdoor Attacks

Haochen Wang*, Tianshi Mu, Guocong Feng, Shang Bo Wu, Yuanzhang Li

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; peer-review

Abstract

The rapid development of deep learning has led to a dramatic increase in user demand for training data. As a result, users are often compelled to acquire data from unsecured external sources through automated methods or outsourcing. Therefore, severe backdoor attacks occur during the training data collection phase of the DNNs pipeline, where adversaries can stealthily control DNNs to make expected or unintended outputs by contaminating the training data. In this paper, we propose a novel backdoor defense framework called DFaP (Data Filter and Purify). DFaP can make backdoor samples with local-patch or full-image triggers added harmless without needing additional clean samples. With DFaP, users can safely train clean DNN models with unsecured data. We have conducted experiments on two networks (AlexNet, ResNet-34) and two datasets (CIFAR10, GTSRB). The experimental results show that DFaP can defend against six state-of-the-art backdoor attacks. In comparison to the other four defense methods, DFaP demonstrates superior performance with an average reduction in attack success rate of 98.01%.

Original language: English
Title of host publication: Artificial Intelligence Security and Privacy - 1st International Conference on Artificial Intelligence Security and Privacy, AIS and P 2023, Proceedings
Editors: Jaideep Vaidya, Moncef Gabbouj, Jin Li
Publisher: Springer Science and Business Media Deutschland GmbH
Pages: 81-97
Number of pages: 17
ISBN (Print): 9789819997848
DOIs: https://doi.org/10.1007/978-981-99-9785-5_7
Publication status: Published - 2024
Event: 1st International Conference on Artificial Intelligence Security and Privacy, AIS and P 2023 - Guangzhou, China
Duration: 3 Dec 2023 to 5 Dec 2023

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 14509 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 1st International Conference on Artificial Intelligence Security and Privacy, AIS and P 2023
Country/Territory: China
City: Guangzhou
Period: 3/12/23 to 5/12/23

Keywords

  • AI security
  • artificial intelligence
  • backdoor defense
  • data filtering
  • data purification
  • deep learning

Cite this

Wang, H., Mu, T., Feng, G., Wu, S. B., & Li, Y. (2024). DFaP: Data Filtering and Purification Against Backdoor Attacks. In J. Vaidya, M. Gabbouj, & J. Li (Eds.), Artificial Intelligence Security and Privacy - 1st International Conference on Artificial Intelligence Security and Privacy, AIS and P 2023, Proceedings (pp. 81-97). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 14509 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-981-99-9785-5_7