REVIEW 15 cited by
Detecting Backdoor Attacks on Deep Neural Networks by Activation Clustering
Not yet reviewed by Pith; the record is open.
This paper has not been read by Pith yet. Machine review is queued; the pith claim, tier, and objections will appear here once it completes.
SPECIMEN: schema-true, not a live event
T0 review · schema-true
One-sentence machine reading of the paper's core claim.
pith:XXXXXXXX · record.json · timestamp
Detecting Backdoor Attacks on Deep Neural Networks by Activation Clustering
read the original abstract
While machine learning (ML) models are being increasingly trusted to make decisions in different and varying areas, the safety of systems using such models has become an increasing concern. In particular, ML models are often trained on data from potentially untrustworthy sources, providing adversaries with the opportunity to manipulate them by inserting carefully crafted samples into the training set. Recent work has shown that this type of attack, called a poisoning attack, allows adversaries to insert backdoors or trojans into the model, enabling malicious behavior with simple external backdoor triggers at inference time and only a blackbox perspective of the model itself. Detecting this type of attack is challenging because the unexpected behavior occurs only when a backdoor trigger, which is known only to the adversary, is present. Model users, either direct users of training data or users of pre-trained model from a catalog, may not guarantee the safe operation of their ML-based system. In this paper, we propose a novel approach to backdoor detection and removal for neural networks. Through extensive experimental results, we demonstrate its effectiveness for neural networks classifying text and images. To the best of our knowledge, this is the first methodology capable of detecting poisonous data crafted to insert backdoors and repairing the model that does not require a verified and trusted dataset.
Forward citations
Cited by 15 Pith papers
-
TimeGuard: Channel-wise Pool Training for Backdoor Defense in Time Series Forecasting
TimeGuard defends time series forecasting against backdoors via channel-wise pool training initialized by time-aware criteria and expanded with distance-regularized loss selection, improving poisoned MAE by 1.96x whil...
-
McNdroid: A Longitudinal Multimodal Benchmark for Robust Drift Detection in Android Malware
McNdroid is a new longitudinal multimodal benchmark showing that Android malware detectors degrade over time but multimodal approaches maintain better performance across long temporal gaps.
-
Undetectable Backdoors in Model Parameters: Hiding Sparse Secrets in High Dimensions
Sparse Backdoor plants a provably undetectable backdoor in neural network weights via structured sparse perturbations and isotropic Gaussian dithering, with detection hardness reduced to Sparse PCA.
-
Follow My Eyes: Backdoor Attacks on Goal-Directed Scanpath Prediction
Backdoor attacks on VLM-based scanpath predictors can redirect fixations toward chosen objects or inflate durations using input-conditioned triggers that evade cluster detection, and no tested defense blocks them with...
-
Detect, Unlearn, Restore: Defending Text Summarization Models Against Data Poisoning
A unified detection and unlearning framework identifies and mitigates data poisoning in summarization models, achieving 85-92% detection and up to 96% behavior restoration across multiple architectures.
-
SCRUB-FL: Sanitizing and Cleansing Representations via Unlearning of Backdoors
SCRUB-FL uses client spectral analysis and WGAN-GP to model suspicious patterns during FL training, aggregates generators server-side, then synthesizes triggers and applies unlearning to reduce backdoor success rates ...
-
Mirage: a Clean-Label Backdoor against LiDAR 3D Object Detection
Mirage achieves 73% misclassification success on LiDAR 3DOD models with 0.5% poisoning rate via label-consistent trigger injection.
-
TimeGuard: Channel-wise Pool Training for Backdoor Defense in Time Series Forecasting
TimeGuard employs channel-wise pool training initialized with time-aware criteria and distance-regularized loss selection to defend time series forecasting against backdoor attacks, improving robustness by 1.96x while...
-
DETOUR: A Practical Backdoor Attack against Object Detection
DETOUR enables practical backdoor attacks on object detectors by training with rescaled semantic triggers from real-world objects placed at multiple locations to exploit the trigger radiating effect for reliable activ...
-
CSC: Turning the Adversary's Poison against Itself
CSC identifies backdoored samples via early-epoch latent clustering and conceals them by relabeling to a virtual class, driving attack success rates near zero on benchmarks with little clean accuracy loss.
-
PASTA: A Patch-Agnostic Twofold-Stealthy Backdoor Attack on Vision Transformers
PASTA enables patch-agnostic backdoor activation in ViTs via multi-location trigger insertion during training and bi-level optimization, achieving 99.13% average attack success with large gains in visual/attention ste...
-
A Patch-based Cross-view Regularized Framework for Backdoor Defense in Multimodal Large Language Models
A patch-augmented cross-view regularization method reduces backdoor attack success rates in multimodal LLMs by enforcing output differences between original and perturbed views while using entropy constraints to prese...
-
Clustering Unsupervised Representations as Defense against Poisoning Attacks on Speech Commands Classification System
Clustering DINO representations via K-means and LDA filters poisoned speech samples, reducing attack success rate from 99.75% to 0.25% at 10% poisoning level.
-
DeepSeek Robustness Against Semantic-Character Dual-Space Mutated Prompt Injection
Dual-space semantic-character mutations on prompts achieve higher misuse success rates against DeepSeek than single-space attacks alone.
-
TCAP: Tri-Component Attention Profiling for Unsupervised Backdoor Detection in MLLM Fine-Tuning
TCAP detects backdoor samples in MLLM fine-tuning via tri-component attention profiling, GMM-based head identification, and EM vote aggregation.
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.