BriefGPT.xyz
Nov, 2019
Poison as a Cure: Detecting & Neutralizing Variable-Sized Backdoor Attacks in Deep Neural Networks
Alvin Chan, Yew-Soon Ong
TL;DR
Proposes an effective defense against backdoor (poisoned-sample) attacks, built from several sub-modules that detect the backdoor, filter and sanitize the training data, and neutralize the attack by extracting the poison signal. The defense performs well on the CIFAR10 dataset across 9 different target/base class pairings.
Abstract
Deep learning models have recently been shown to be vulnerable to backdoor poisoning, an insidious attack where the victim model predicts clean images correctly but classifies the same images as the target class when