English

Mitigating Backdoor Attack by Injecting Proactive Defensive Backdoor

Cryptography and Security 2024-10-16 v2 Computer Vision and Pattern Recognition

Abstract

Data-poisoning backdoor attacks are serious security threats to machine learning models, where an adversary can manipulate the training dataset to inject backdoors into models. In this paper, we focus on in-training backdoor defense, aiming to train a clean model even when the dataset may be potentially poisoned. Unlike most existing methods that primarily detect and remove/unlearn suspicious samples to mitigate malicious backdoor attacks, we propose a novel defense approach called PDB (Proactive Defensive Backdoor). Specifically, PDB leverages the home-field advantage of defenders by proactively injecting a defensive backdoor into the model during training. Taking advantage of controlling the training process, the defensive backdoor is designed to suppress the malicious backdoor effectively while remaining secret to attackers. In addition, we introduce a reversible mapping to determine the defensive target label. During inference, PDB embeds a defensive trigger in the inputs and reverses the model's prediction, suppressing malicious backdoor and ensuring the model's utility on the original task. Experimental results across various datasets and models demonstrate that our approach achieves state-of-the-art defense performance against a wide range of backdoor attacks. The code is available at https://github.com/shawkui/Proactive_Defensive_Backdoor.

Keywords

Cite

@article{arxiv.2405.16112,
  title  = {Mitigating Backdoor Attack by Injecting Proactive Defensive Backdoor},
  author = {Shaokui Wei and Hongyuan Zha and Baoyuan Wu},
  journal= {arXiv preprint arXiv:2405.16112},
  year   = {2024}
}

Comments

Accepted by NeurIPS 2024. 32 pages, 7 figures, 28 tables

R2 v1 2026-06-28T16:39:57.589Z