English
Related papers

Related papers: Self-Purification Mitigates Backdoors in Multimoda…

200 papers

The training phase of machine learning models is a delicate step, especially in cybersecurity contexts. Recent research has surfaced a series of insidious training-time attacks that inject backdoors in models designed for security…

Cryptography and Security · Computer Science 2025-05-06 Giorgio Severi , Simona Boboila , John Holodnak , Kendra Kratkiewicz , Rauf Izmailov , Michael J. De Lucia , Alina Oprea

Due to the popularity of Artificial Intelligence (AI) techniques, we are witnessing an increasing number of backdoor injection attacks that are designed to maliciously threaten Deep Neural Networks (DNNs) causing misclassification. Although…

Machine Learning · Computer Science 2022-05-18 Zhihao Yue , Jun Xia , Zhiwei Ling , Ming Hu , Ting Wang , Xian Wei , Mingsong Chen

The financial industry relies on deep learning models for making important decisions. This adoption brings new danger, as deep black-box models are known to be vulnerable to adversarial attacks. In computer vision, one can shape the output…

Machine Learning · Computer Science 2024-08-27 Alina Ermilova , Elizaveta Kovtun , Dmitry Berestnev , Alexey Zaytsev

Adversarial attacks can mislead neural network classifiers. The defense against adversarial attacks is important for AI safety. Adversarial purification is a family of approaches that defend adversarial attacks with suitable pre-processing.…

Machine Learning · Computer Science 2023-10-31 Boya Zhang , Weijian Luo , Zhihua Zhang

Diffusion models have emerged as state-of-the-art generative frameworks, excelling in producing high-quality multi-modal samples. However, recent studies have revealed their vulnerability to backdoor attacks, where backdoored models…

Computer Vision and Pattern Recognition · Computer Science 2025-03-04 Vu Tuan Truong , Long Bao Le

Despite the strong multimodal performance, large vision-language models (LVLMs) are vulnerable during fine-tuning to backdoor attacks, where adversaries insert trigger-embedded samples into the training data to implant behaviors that can be…

Computer Vision and Pattern Recognition · Computer Science 2026-03-16 Zhifang Zhang , Bojun Yang , Shuo He , Weitong Chen , Wei Emma Zhang , Olaf Maennel , Lei Feng , Miao Xu

Self-supervised diffusion models learn high-quality visual representations via latent space denoising. However, their representation layer poses a distinct threat: unlike traditional attacks targeting generative outputs, its unconstrained…

Cryptography and Security · Computer Science 2026-03-03 Jiayao Wang , Yiping Zhang , Mohammad Maruf Hasan , Xiaoying Lei , Jiale Zhang , Junwu Zhu , Qilin Wu , Dongfang Zhao

With the development of technology, large language models (LLMs) have dominated the downstream natural language processing (NLP) tasks. However, because of the LLMs' instruction-following abilities and inability to distinguish the…

Cryptography and Security · Computer Science 2025-10-07 Yulin Chen , Haoran Li , Yuan Sui , Yangqiu Song , Bryan Hooi

Although Deep Neural Network (DNN) has led to unprecedented progress in various natural language processing (NLP) tasks, research shows that deep models are extremely vulnerable to backdoor attacks. The existing backdoor attacks mainly…

Cryptography and Security · Computer Science 2022-06-07 Xiaoyi Chen , Yinpeng Dong , Zeyu Sun , Shengfang Zhai , Qingni Shen , Zhonghai Wu

Large language models (LLMs) are increasingly deployed in settings where inducing a bias toward a certain topic can have significant consequences, and backdoor attacks can be used to produce such models. Prior work on backdoor attacks has…

Cryptography and Security · Computer Science 2026-02-17 Anudeep Das , Prach Chantasantitam , Gurjot Singh , Lipeng He , Mariia Ponomarenko , Florian Kerschbaum

Large Language Models (LLMs) have achieved significantly advanced capabilities in understanding and generating human language text, which have gained increasing popularity over recent years. Apart from their state-of-the-art natural…

Cryptography and Security · Computer Science 2025-02-11 Yihe Zhou , Tao Ni , Wei-Bin Lee , Qingchuan Zhao

Large Language Models (LLMs) are known to be vulnerable to backdoor attacks, where triggers embedded in poisoned samples can maliciously alter LLMs' behaviors. In this paper, we move beyond attacking LLMs and instead examine backdoor…

Cryptography and Security · Computer Science 2025-02-18 Huaizhi Ge , Yiming Li , Qifan Wang , Yongfeng Zhang , Ruixiang Tang

Neural Networks are infamously sensitive to small perturbations in their inputs, making them vulnerable to adversarial attacks. This project evaluates the performance of Denoising Diffusion Probabilistic Models (DDPM) as a purification…

Machine Learning · Computer Science 2023-01-18 Lars Lien Ankile , Anna Midgley , Sebastian Weisshaar

The commercialization of text-to-image diffusion models (DMs) brings forth potential copyright concerns. Despite numerous attempts to protect DMs from copyright issues, the vulnerabilities of these solutions are underexplored. In this…

Cryptography and Security · Computer Science 2024-05-28 Haonan Wang , Qianli Shen , Yao Tong , Yang Zhang , Kenji Kawaguchi

Decentralised post-training of large language models utilises data and pipeline parallelism techniques to split the data and the model. Unfortunately, decentralised post-training can be vulnerable to poisoning and backdoor attacks by one or…

Cryptography and Security · Computer Science 2026-04-06 Oğuzhan Ersoy , Nikolay Blagoev , Jona te Lintelo , Stefanos Koffas , Marina Krček , Stjepan Picek

Text-to-image diffusion models achieve high-fidelity image generation from natural language prompts. ControlNets extend these models by enabling conditioning on structural inputs (e.g., edge maps, depth, pose), providing fine-grained…

Computer Vision and Pattern Recognition · Computer Science 2025-11-25 Raz Lapid , Almog Dubin

Poisoning backdoor attacks involve an adversary manipulating the training data to induce certain behaviors in the victim model by inserting a trigger in the signal at inference time. We adapted clean label backdoor (CLBD)-data poisoning…

Cryptography and Security · Computer Science 2024-09-16 Henry Li Xinyuan , Sonal Joshi , Thomas Thebaud , Jesus Villalba , Najim Dehak , Sanjeev Khudanpur

We investigate security concerns of the emergent instruction tuning paradigm, that models are trained on crowdsourced datasets with task instructions to achieve superior performance. Our studies demonstrate that an attacker can inject…

Computation and Language · Computer Science 2024-04-04 Jiashu Xu , Mingyu Derek Ma , Fei Wang , Chaowei Xiao , Muhao Chen

Deep learning models are vulnerable to backdoor attacks, where attackers inject malicious behavior through data poisoning and later exploit triggers to manipulate deployed models. To improve the stealth and effectiveness of backdoors, prior…

Cryptography and Security · Computer Science 2024-09-10 Xiaolei Liu , Ming Yi , Kangyi Ding , Bangzhou Xin , Yixiao Xu , Li Yan , Chao Shen

Dataset sanitization is a widely adopted proactive defense against poisoning-based backdoor attacks, aimed at filtering out and removing poisoned samples from training datasets. However, existing methods have shown limited efficacy in…

Cryptography and Security · Computer Science 2023-12-21 Jiachen Zhou , Peizhuo Lv , Yibing Lan , Guozhu Meng , Kai Chen , Hualong Ma