English
Related papers

Related papers: Towards Understanding How Self-training Tolerates …

200 papers

Data-poisoning based backdoor attacks aim to insert backdoor into models by manipulating training datasets without controlling the training process of the target model. Existing attack methods mainly focus on designing triggers or fusion…

Cryptography and Security · Computer Science 2023-07-17 Zihao Zhu , Mingda Zhang , Shaokui Wei , Li Shen , Yanbo Fan , Baoyuan Wu

The financial industry relies on deep learning models for making important decisions. This adoption brings new danger, as deep black-box models are known to be vulnerable to adversarial attacks. In computer vision, one can shape the output…

Machine Learning · Computer Science 2024-08-27 Alina Ermilova , Elizaveta Kovtun , Dmitry Berestnev , Alexey Zaytsev

Pre-trained language models have achieved remarkable success across a wide range of natural language processing (NLP) tasks, particularly when fine-tuned on large, domain-relevant datasets. However, they remain vulnerable to backdoor…

Computation and Language · Computer Science 2026-02-02 Anindya Sundar Das , Kangjie Chen , Monowar Bhuyan

Deep Neural Networks (DNN) are susceptible to backdoor attacks where malicious attackers manipulate the model's predictions via data poisoning. It is hence imperative to develop a strategy for training a clean model using a potentially…

Cryptography and Security · Computer Science 2023-12-21 Yiming Chen , Haiwei Wu , Jiantao Zhou

This paper investigates the critical issue of data poisoning attacks on AI models, a growing concern in the ever-evolving landscape of artificial intelligence and cybersecurity. As advanced technology systems become increasingly prevalent…

Cryptography and Security · Computer Science 2025-03-13 Halima I. Kure , Pradipta Sarkar , Ahmed B. Ndanusa , Augustine O. Nwajana

In a backdoor attack on a machine learning model, an adversary produces a model that performs well on normal inputs but outputs targeted misclassifications on inputs containing a small trigger pattern. Model compression is a widely-used…

Cryptography and Security · Computer Science 2021-05-03 Yulong Tian , Fnu Suya , Fengyuan Xu , David Evans

Backdoor unlearning aims to remove backdoor-related information while preserving the model's original functionality. However, existing unlearning methods mainly focus on recovering trigger patterns but fail to restore the correct semantic…

Cryptography and Security · Computer Science 2025-07-15 Yanghao Su , Jie Zhang , Yiming Li , Tianwei Zhang , Qing Guo , Weiming Zhang , Nenghai Yu , Nils Lukas , Wenbo Zhou

We propose VIBE, a model-agnostic framework that trains classifiers resilient to backdoor attacks. The key concept behind our approach is to treat malicious inputs and corrupted labels from the training dataset as observed random variables,…

Machine Learning · Computer Science 2025-08-27 Ivan Sabolić , Matej Grcić , Siniša Šegvić

Recent studies have widely investigated backdoor attacks on Large Language Models (LLMs) by inserting harmful question-answer (QA) pairs into their training data. However, we revisit existing attacks and identify two critical limitations:…

Computation and Language · Computer Science 2025-10-07 Jiawei Kong , Hao Fang , Xiaochen Yang , Kuofeng Gao , Bin Chen , Shu-Tao Xia , Ke Xu , Han Qiu

As a novel privacy-preserving paradigm aimed at reducing client computational costs and achieving data utility, split learning has garnered extensive attention and proliferated widespread applications across various fields, including smart…

Cryptography and Security · Computer Science 2024-10-22 Yuwen Pu , Zhuoyuan Ding , Jiahao Chen , Chunyi Zhou , Qingming Li , Chunqiang Hu , Shouling Ji

Federated Learning (FL) allows multiple clients to collaboratively train a Neural Network (NN) model on their private data without revealing the data. Recently, several targeted poisoning attacks against FL have been introduced. These…

Cryptography and Security · Computer Science 2022-01-04 Phillip Rieger , Thien Duc Nguyen , Markus Miettinen , Ahmad-Reza Sadeghi

Deep neural networks have played a crucial part in many critical domains, such as autonomous driving, face recognition, and medical diagnosis. However, deep neural networks are facing security threats from backdoor attacks and can be…

Cryptography and Security · Computer Science 2023-11-30 Jiyang Guan , Jian Liang , Ran He

Recent works have demonstrated that deep learning models are vulnerable to backdoor poisoning attacks, where these attacks instill spurious correlations to external trigger patterns or objects (e.g., stickers, sunglasses, etc.). We find…

Computer Vision and Pattern Recognition · Computer Science 2022-07-25 Tong Wu , Tianhao Wang , Vikash Sehwag , Saeed Mahloujifar , Prateek Mittal

In order to train robust deep learning models, large amounts of labelled data is required. However, in the absence of such large repositories of labelled data, unlabeled data can be exploited for the same. Semi-Supervised learning aims to…

Machine Learning · Computer Science 2021-07-20 Soumyadeep Ghosh , Sanjay Kumar , Janu Verma , Awanish Kumar

Self-supervised learning in computer vision aims to pre-train an image encoder using a large amount of unlabeled images or (image, text) pairs. The pre-trained image encoder can then be used as a feature extractor to build downstream…

Cryptography and Security · Computer Science 2021-08-03 Jinyuan Jia , Yupei Liu , Neil Zhenqiang Gong

At present, backdoor attacks attract attention as they do great harm to deep learning models. The adversary poisons the training data making the model being injected with a backdoor after being trained unconsciously by victims using the…

Cryptography and Security · Computer Science 2023-03-06 Shengfang Zhai , Qingni Shen , Xiaoyi Chen , Weilong Wang , Cong Li , Yuejian Fang , Zhonghai Wu

Self-training is an important technique for solving semi-supervised learning problems. It leverages unlabeled data by generating pseudo-labels and combining them with a limited labeled dataset for training. The effectiveness of…

Machine Learning · Computer Science 2023-11-06 Banghua Zhu , Mingyu Ding , Philip Jacobson , Ming Wu , Wei Zhan , Michael Jordan , Jiantao Jiao

Due to its distributed methodology alongside its privacy-preserving features, Federated Learning (FL) is vulnerable to training time adversarial attacks. In this study, our focus is on backdoor attacks in which the adversary's goal is to…

Machine Learning · Computer Science 2021-02-11 Omid Aramoon , Pin-Yu Chen , Gang Qu , Yuan Tian

Backdoor attacks pose a new threat to NLP models. A standard strategy to construct poisoned data in backdoor attacks is to insert triggers (e.g., rare words) into selected sentences and alter the original label to a target label. This…

Computation and Language · Computer Science 2022-04-28 Leilei Gan , Jiwei Li , Tianwei Zhang , Xiaoya Li , Yuxian Meng , Fei Wu , Yi Yang , Shangwei Guo , Chun Fan

Adversaries can embed backdoors in deep learning models by introducing backdoor poison samples into training datasets. In this work, we investigate how to detect such poison samples to mitigate the threat of backdoor attacks. First, we…

Machine Learning · Computer Science 2023-06-21 Xiangyu Qi , Tinghao Xie , Jiachen T. Wang , Tong Wu , Saeed Mahloujifar , Prateek Mittal