DFaP: Data Filtering and Purification Against Backdoor Attacks

Haochen Wang; Tianshi Mu; Guocong Feng; Shang Bo Wu; Yuanzhang Li

doi:10.1007/978-981-99-9785-5_7

DFaP: Data Filtering and Purification Against Backdoor Attacks

Haochen Wang^*, Tianshi Mu, Guocong Feng, Shang Bo Wu, Yuanzhang Li

^*此作品的通讯作者

计算机学院

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

摘要

The rapid development of deep learning has led to a dramatic increase in user demand for training data. As a result, users are often compelled to acquire data from unsecured external sources through automated methods or outsourcing. Therefore, severe backdoor attacks occur during the training data collection phase of the DNNs pipeline, where adversaries can stealthily control DNNs to make expected or unintended outputs by contaminating the training data. In this paper, we propose a novel backdoor defense framework called DFaP (Data Filter and Purify). DFaP can make backdoor samples with local-patch or full-image triggers added harmless without needing additional clean samples. With DFaP, users can safely train clean DNN models with unsecured data. We have conducted experiments on two networks (AlexNet, ResNet-34) and two datasets (CIFAR10, GTSRB). The experimental results show that DFaP can defend against six state-of-the-art backdoor attacks. In comparison to the other four defense methods, DFaP demonstrates superior performance with an average reduction in attack success rate of 98.01%.

源语言	英语
主期刊名	Artificial Intelligence Security and Privacy - 1st International Conference on Artificial Intelligence Security and Privacy, AIS and P 2023, Proceedings
编辑	Jaideep Vaidya, Moncef Gabbouj, Jin Li
出版商	Springer Science and Business Media Deutschland GmbH
页	81-97
页数	17
ISBN（印刷版）	9789819997848
DOI	https://doi.org/10.1007/978-981-99-9785-5_7
出版状态	已出版 - 2024
活动	1st International Conference on Artificial Intelligence Security and Privacy, AIS and P 2023 - Guangzhou, 中国期限: 3 12月 2023 → 5 12月 2023

出版系列

姓名	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
卷	14509 LNCS
ISSN（印刷版）	0302-9743
ISSN（电子版）	1611-3349

会议

会议	1st International Conference on Artificial Intelligence Security and Privacy, AIS and P 2023
国家/地区	中国
市	Guangzhou
时期	3/12/23 → 5/12/23

访问文件

10.1007/978-981-99-9785-5_7

其它文件与链接

链接到 Scopus 的出版物

引用此

Wang, H., Mu, T., Feng, G., Wu, S. B., & Li, Y. (2024). DFaP: Data Filtering and Purification Against Backdoor Attacks. 在 J. Vaidya, M. Gabbouj, & J. Li (编辑), Artificial Intelligence Security and Privacy - 1st International Conference on Artificial Intelligence Security and Privacy, AIS and P 2023, Proceedings (页码 81-97). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); 卷 14509 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-981-99-9785-5_7

Wang, Haochen ; Mu, Tianshi ; Feng, Guocong 等. / DFaP : Data Filtering and Purification Against Backdoor Attacks. Artificial Intelligence Security and Privacy - 1st International Conference on Artificial Intelligence Security and Privacy, AIS and P 2023, Proceedings. 编辑 / Jaideep Vaidya ; Moncef Gabbouj ; Jin Li. Springer Science and Business Media Deutschland GmbH, 2024. 页码 81-97 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{dff8101bfbeb4a76966de592ebb2c3de,

title = "DFaP: Data Filtering and Purification Against Backdoor Attacks",

abstract = "The rapid development of deep learning has led to a dramatic increase in user demand for training data. As a result, users are often compelled to acquire data from unsecured external sources through automated methods or outsourcing. Therefore, severe backdoor attacks occur during the training data collection phase of the DNNs pipeline, where adversaries can stealthily control DNNs to make expected or unintended outputs by contaminating the training data. In this paper, we propose a novel backdoor defense framework called DFaP (Data Filter and Purify). DFaP can make backdoor samples with local-patch or full-image triggers added harmless without needing additional clean samples. With DFaP, users can safely train clean DNN models with unsecured data. We have conducted experiments on two networks (AlexNet, ResNet-34) and two datasets (CIFAR10, GTSRB). The experimental results show that DFaP can defend against six state-of-the-art backdoor attacks. In comparison to the other four defense methods, DFaP demonstrates superior performance with an average reduction in attack success rate of 98.01%.",

keywords = "AI security, artificial intelligence, backdoor defense, data filtering, data purification, deep learning",

author = "Haochen Wang and Tianshi Mu and Guocong Feng and Wu, {Shang Bo} and Yuanzhang Li",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2024.; 1st International Conference on Artificial Intelligence Security and Privacy, AIS and P 2023 ; Conference date: 03-12-2023 Through 05-12-2023",

year = "2024",

doi = "10.1007/978-981-99-9785-5_7",

language = "English",

isbn = "9789819997848",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "81--97",

editor = "Jaideep Vaidya and Moncef Gabbouj and Jin Li",

booktitle = "Artificial Intelligence Security and Privacy - 1st International Conference on Artificial Intelligence Security and Privacy, AIS and P 2023, Proceedings",

address = "Germany",

}

Wang, H, Mu, T, Feng, G, Wu, SB & Li, Y 2024, DFaP: Data Filtering and Purification Against Backdoor Attacks. 在 J Vaidya, M Gabbouj & J Li (编辑), Artificial Intelligence Security and Privacy - 1st International Conference on Artificial Intelligence Security and Privacy, AIS and P 2023, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 卷 14509 LNCS, Springer Science and Business Media Deutschland GmbH, 页码 81-97, 1st International Conference on Artificial Intelligence Security and Privacy, AIS and P 2023, Guangzhou, 中国, 3/12/23. https://doi.org/10.1007/978-981-99-9785-5_7

DFaP: Data Filtering and Purification Against Backdoor Attacks. / Wang, Haochen; Mu, Tianshi; Feng, Guocong 等.
Artificial Intelligence Security and Privacy - 1st International Conference on Artificial Intelligence Security and Privacy, AIS and P 2023, Proceedings. 编辑 / Jaideep Vaidya; Moncef Gabbouj; Jin Li. Springer Science and Business Media Deutschland GmbH, 2024. 页码 81-97 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); 卷 14509 LNCS).

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

TY - GEN

T1 - DFaP

T2 - 1st International Conference on Artificial Intelligence Security and Privacy, AIS and P 2023

AU - Wang, Haochen

AU - Mu, Tianshi

AU - Feng, Guocong

AU - Wu, Shang Bo

AU - Li, Yuanzhang

N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2024.

PY - 2024

Y1 - 2024

N2 - The rapid development of deep learning has led to a dramatic increase in user demand for training data. As a result, users are often compelled to acquire data from unsecured external sources through automated methods or outsourcing. Therefore, severe backdoor attacks occur during the training data collection phase of the DNNs pipeline, where adversaries can stealthily control DNNs to make expected or unintended outputs by contaminating the training data. In this paper, we propose a novel backdoor defense framework called DFaP (Data Filter and Purify). DFaP can make backdoor samples with local-patch or full-image triggers added harmless without needing additional clean samples. With DFaP, users can safely train clean DNN models with unsecured data. We have conducted experiments on two networks (AlexNet, ResNet-34) and two datasets (CIFAR10, GTSRB). The experimental results show that DFaP can defend against six state-of-the-art backdoor attacks. In comparison to the other four defense methods, DFaP demonstrates superior performance with an average reduction in attack success rate of 98.01%.

AB - The rapid development of deep learning has led to a dramatic increase in user demand for training data. As a result, users are often compelled to acquire data from unsecured external sources through automated methods or outsourcing. Therefore, severe backdoor attacks occur during the training data collection phase of the DNNs pipeline, where adversaries can stealthily control DNNs to make expected or unintended outputs by contaminating the training data. In this paper, we propose a novel backdoor defense framework called DFaP (Data Filter and Purify). DFaP can make backdoor samples with local-patch or full-image triggers added harmless without needing additional clean samples. With DFaP, users can safely train clean DNN models with unsecured data. We have conducted experiments on two networks (AlexNet, ResNet-34) and two datasets (CIFAR10, GTSRB). The experimental results show that DFaP can defend against six state-of-the-art backdoor attacks. In comparison to the other four defense methods, DFaP demonstrates superior performance with an average reduction in attack success rate of 98.01%.

KW - AI security

KW - artificial intelligence

KW - backdoor defense

KW - data filtering

KW - data purification

KW - deep learning

UR - http://www.scopus.com/inward/record.url?scp=85185707821&partnerID=8YFLogxK

U2 - 10.1007/978-981-99-9785-5_7

DO - 10.1007/978-981-99-9785-5_7

M3 - Conference contribution

AN - SCOPUS:85185707821

SN - 9789819997848

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 81

EP - 97

BT - Artificial Intelligence Security and Privacy - 1st International Conference on Artificial Intelligence Security and Privacy, AIS and P 2023, Proceedings

A2 - Vaidya, Jaideep

A2 - Gabbouj, Moncef

A2 - Li, Jin

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 3 December 2023 through 5 December 2023

ER -

Wang H, Mu T, Feng G, Wu SB, Li Y. DFaP: Data Filtering and Purification Against Backdoor Attacks. 在 Vaidya J, Gabbouj M, Li J, 编辑, Artificial Intelligence Security and Privacy - 1st International Conference on Artificial Intelligence Security and Privacy, AIS and P 2023, Proceedings. Springer Science and Business Media Deutschland GmbH. 2024. 页码 81-97. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-981-99-9785-5_7

DFaP: Data Filtering and Purification Against Backdoor Attacks

摘要

出版系列

会议

访问文件

其它文件与链接

指纹

引用此