English
Related papers

Related papers: Erasing Self-Supervised Learning Backdoor by Clust…

200 papers

Self-supervised learning (SSL) is a machine learning approach where the data itself provides supervision, eliminating the need for external labels. The model is forced to learn about the data structure or context by solving a pretext task.…

Computer Vision and Pattern Recognition · Computer Science 2024-07-19 Markus Marks , Manuel Knott , Neehar Kondapaneni , Elijah Cole , Thijs Defraeye , Fernando Perez-Cruz , Pietro Perona

The financial industry relies on deep learning models for making important decisions. This adoption brings new danger, as deep black-box models are known to be vulnerable to adversarial attacks. In computer vision, one can shape the output…

Machine Learning · Computer Science 2024-08-27 Alina Ermilova , Elizaveta Kovtun , Dmitry Berestnev , Alexey Zaytsev

Predicitions made by neural networks can be fraudulently altered by so-called poisoning attacks. A special case are backdoor poisoning attacks. We study suitable detection methods and introduce a new method called Heatmap Clustering. There,…

Machine Learning · Computer Science 2022-04-28 Lukas Schulth , Christian Berghoff , Matthias Neu

Multimodal contrastive learning methods like CLIP train on noisy and uncurated training datasets. This is cheaper than labeling datasets manually, and even improves out-of-distribution robustness. We show that this practice makes backdoor…

Machine Learning · Computer Science 2022-03-29 Nicholas Carlini , Andreas Terzis

We propose a novel clustering mechanism based on an incompatibility property between subsets of data that emerges during model training. This mechanism partitions the dataset into subsets that generalize only to themselves, i.e., training…

Machine Learning · Computer Science 2023-04-28 Charles Jin , Melinda Sun , Martin Rinard

Modern machine learning (ML) systems demand substantial training data, often resorting to external sources. Nevertheless, this practice renders them vulnerable to backdoor poisoning attacks. Prior backdoor defense strategies have primarily…

Machine Learning · Computer Science 2024-03-19 Soumyadeep Pal , Yuguang Yao , Ren Wang , Bingquan Shen , Sijia Liu

Due to the popularity of Artificial Intelligence (AI) techniques, we are witnessing an increasing number of backdoor injection attacks that are designed to maliciously threaten Deep Neural Networks (DNNs) causing misclassification. Although…

Machine Learning · Computer Science 2022-05-18 Zhihao Yue , Jun Xia , Zhiwei Ling , Ming Hu , Ting Wang , Xian Wei , Mingsong Chen

The advent of multimodal deep learning models, such as CLIP, has unlocked new frontiers in a wide range of applications, from image-text understanding to classification tasks. However, these models are not safe for adversarial attacks,…

Computer Vision and Pattern Recognition · Computer Science 2025-11-18 Md. Iqbal Hossain , Afia Sajeeda , Neeresh Kumar Perla , Ming Shao

Self-supervised learning (SSL) is increasingly attractive for pre-training encoders without requiring labeled data. Downstream tasks built on top of those pre-trained encoders can achieve nearly state-of-the-art performance. The pre-trained…

Machine Learning · Computer Science 2025-10-06 Tingxu Han , Weisong Sun , Ziqi Ding , Chunrong Fang , Hanwei Qian , Jiaxun Li , Zhenyu Chen , Xiangyu Zhang

Contrastive learning (CL) reduces annotation cost via auto-derived supervisory signals. Since large-scale in-house CL datasets are infeasible, reliance on third-party or internet data is common. Recent studies show CL models are vulnerable…

Cryptography and Security · Computer Science 2026-05-05 Zhiyang Dai , Yansong Gao , Boyu Kuang , Haodong Li , Qi Chang , Gaurav Varshney , Derek Abbott , Anmin Fu

Speaker verification has been widely and successfully adopted in many mission-critical areas for user identification. The training of speaker verification requires a large amount of data, therefore users usually need to adopt third-party…

Cryptography and Security · Computer Science 2021-02-04 Tongqing Zhai , Yiming Li , Ziqi Zhang , Baoyuan Wu , Yong Jiang , Shu-Tao Xia

By injecting a small number of poisoned samples into the training set, backdoor attacks aim to make the victim model produce designed outputs on any input injected with pre-designed backdoors. In order to achieve a high attack success rate…

Cryptography and Security · Computer Science 2024-07-23 Minlong Peng , Zidi Xiong , Quang H. Nguyen , Mingming Sun , Khoa D. Doan , Ping Li

In recent years, the security issues of artificial intelligence have become increasingly prominent due to the rapid development of deep learning research and applications. Backdoor attack is an attack targeting the vulnerability of deep…

Cryptography and Security · Computer Science 2023-12-14 Peixin Zhang , Jun Sun , Mingtian Tan , Xinyu Wang

Multimodal contrastive learning uses various data modalities to create high-quality features, but its reliance on extensive data sources on the Internet makes it vulnerable to backdoor attacks. These attacks insert malicious behaviors…

Cryptography and Security · Computer Science 2024-10-01 Kuanrong Liu , Siyuan Liang , Jiawei Liang , Pengwen Dai , Xiaochun Cao

Semi-supervised machine learning models learn from a (small) set of labeled training examples, and a (large) set of unlabeled training examples. State-of-the-art models can reach within a few percentage points of fully-supervised training,…

Machine Learning · Computer Science 2021-08-11 Nicholas Carlini

Deep neural networks (DNNs) are vulnerable to backdoor attacks, where an attacker manipulates a small portion of the training data to implant hidden backdoors into the model. The compromised model behaves normally on clean samples but…

Cryptography and Security · Computer Science 2026-02-20 Ting Qiao , Yingjia Wang , Xing Liu , Sixing Wu , Jianbin Li , Yiming Li

Contrastive language-image pretraining (CLIP) has been found to be vulnerable to poisoning backdoor attacks where the adversary can achieve an almost perfect attack success rate on CLIP models by poisoning only 0.01\% of the training…

Machine Learning · Computer Science 2025-02-11 Hanxun Huang , Sarah Erfani , Yige Li , Xingjun Ma , James Bailey

Backdoor attacks against CNNs represent a new threat against deep learning systems, due to the possibility of corrupting the training set so to induce an incorrect behaviour at test time. To avoid that the trainer recognises the presence of…

Cryptography and Security · Computer Science 2019-03-01 Mauro Barni , Kassem Kallas , Benedetta Tondi

Deep learning models have consistently outperformed traditional machine learning models in various classification tasks, including image classification. As such, they have become increasingly prevalent in many real world applications…

Cryptography and Security · Computer Science 2018-08-31 Cong Liao , Haoti Zhong , Anna Squicciarini , Sencun Zhu , David Miller

Backdoor attacks change a small portion of training data by introducing hand-crafted triggers and rewiring the corresponding labels towards a desired target class. Training on such data injects a backdoor which causes malicious inference in…

Machine Learning · Computer Science 2024-09-05 Ivan Sabolić , Ivan Grubišić , Siniša Šegvić