University of Cagliari
partially_open
Fabio Vasarri
LFPD: Local-Feature-Powered Defense against adaptive backdoor attacks
Demontis, Ambra;Pintor, Maura;Biggio, Battista
2025-01-01
Abstract
To detect the suspect poisoned data in the training phase, most backdoor defenses rely on a prevalent assumption, i.e., the feature separability between poisoned and benign samples. However, this assumption can be bypassed by novel adaptive attacks, which merge the features of poisoned and benign samples. In this paper, we contrast these adaptive attacks and propose a so-called Local-Feature-Powered Defense (LFPD), which leverages a local feature algorithm to measure samples' similarity in the image space and uses it to guide the training process to increase the feature sepa-rability between poisoned and benign samples. Then, our LFPD detects the outliers in the training dataset as poisoned samples and removes the backdoor by unlearning them. Finally, we compare our LFPD with five existing defenses, and our experimental results demonstrate that LFPD outperforms them in defending against adaptive attacks.
Files in This Item:
| File | Size | Format | |
|---|---|---|---|
| ICMLC-LFPD.pdf open access
Description: pre print
Type: versione pre-print
Size 732.02 kB
Format Adobe PDF
|
732.02 kB | Adobe PDF | View/Open |
| LFPD_Local-Feature-Powered_Defense_Against_Adaptive_Backdoor_Attacks.pdf Solo gestori archivio
Type: versione editoriale
Size 769.9 kB
Format Adobe PDF
|
769.9 kB | Adobe PDF | & nbsp; View / Open Request a copy |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.