Authors: Zixuan Zhu, Rui Wang, Cong Zou, Lihua Jing
Published on: April 17, 2024
Impact Score: 7.6
arXiv ID: arXiv:2404.11265
Summary
- What is new: This research introduces a novel dual-network training framework, The Victim and The Beneficiary (VB), which uses prediction entropy to distinguish poisoned samples from benign ones and does not require additional benign samples.
- Why this is important: Backdoor attacks, which make deep neural networks output specific results when a trigger is present, are a growing security threat. Existing defenses are ineffective or depend on the availability of benign samples.
- What the research proposes: A dual-network framework that uses a poisoned Victim network to detect and filter malicious samples, enabling a clean Beneficiary network to be trained on reliable samples without additional benign data. This approach also includes a semi-supervised strategy for backdoor suppression.
- Results: Extensive testing on two datasets against six advanced attacks showed the framework effectively prevents backdoor injections and remains robust across different attack vectors, all while preserving performance on benign samples.
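The filtering step described above, sketched as an added example (not code from the paper or its authors): it scores each training sample by the prediction entropy of the Victim network's output and splits the set into credible and suspicious parts. It assumes that the lowest-entropy predictions are the suspicious ones; the `suspicious_fraction` cut-off, the function names and the logits are constructed for illustration.

```python
import math

def softmax(logits):
    """Numerically stable softmax over one logit vector."""
    m = max(logits)
    exps = [math.exp(z - m) for z in logits]
    total = sum(exps)
    return [e / total for e in exps]

def normalized_entropy(probs):
    """Shannon entropy of a prediction, scaled to [0, 1] by log(num_classes)."""
    h = -sum(p * math.log(p) for p in probs if p > 0.0)
    return h / math.log(len(probs))

def split_by_entropy(victim_logits, labels, suspicious_fraction=0.25):
    """Partition a training set using the Victim network's outputs.

    Assumption: the lowest-entropy fraction is treated as suspicious.
    Returns (credible, suspicious, scores). credible holds (index, label)
    pairs for supervised training; suspicious holds indices only, so those
    samples can serve as unlabelled data in a semi-supervised step.
    """
    scores = [normalized_entropy(softmax(z)) for z in victim_logits]
    order = sorted(range(len(scores)), key=scores.__getitem__)
    n_suspicious = int(len(order) * suspicious_fraction)
    flagged = set(order[:n_suspicious])
    credible = [(i, labels[i]) for i in range(len(labels)) if i not in flagged]
    return credible, sorted(flagged), scores

# Constructed sample: 8 logit vectors over 4 classes. Rows 2 and 5 mimic
# trigger-bearing inputs that the Victim classifies with extreme confidence.
VICTIM_LOGITS = [
    [1.2, 0.9, 0.3, 0.1],
    [0.2, 1.5, 0.8, 0.4],
    [14.0, 0.1, 0.0, 0.2],
    [0.5, 0.4, 1.9, 0.7],
    [0.9, 0.2, 0.3, 1.6],
    [15.0, 0.3, 0.1, 0.0],
    [0.6, 2.0, 0.5, 0.9],
    [1.1, 0.7, 1.8, 0.2],
]
LABELS = [0, 1, 0, 2, 3, 0, 1, 2]

if __name__ == "__main__":
    credible, suspicious, scores = split_by_entropy(VICTIM_LOGITS, LABELS)
    for i, s in enumerate(scores):
        print(f"sample {i}: entropy={s:.4f}", "SUSPICIOUS" if i in suspicious else "credible")
```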
Technical Details
Technological frameworks used: The Victim and The Beneficiary (VB) with AttentionMix for data augmentation.
Models used: Deep Neural Networks (DNNs) with a focus on semi-supervised learning for backdoor detection and removal.
Data used: Two widely used datasets
Potential Impact
Cybersecurity firms, cloud service providers, and companies that develop or deploy DNNs in products or services such as facial recognition, voice assistants, and autonomous vehicles could benefit from this work or may need to adapt to it.