An Embarrassingly Simple Defense Against Backdoor Attacks On SSL
- URL: http://arxiv.org/abs/2403.15918v2
- Date: Mon, 1 Apr 2024 04:15:46 GMT
- Title: An Embarrassingly Simple Defense Against Backdoor Attacks On SSL
- Authors: Aryan Satpathy, Nilaksh Nilaksh, Dhruva Rajwade
- Abstract summary: Self Supervised Learning (SSL) has emerged as a powerful paradigm for tackling data landscapes in the absence of human supervision.
Recent work indicates SSL to be vulnerable to backdoor attacks, wherein models can be controlled, possibly maliciously, to suit an adversary's motives.
We devise two defense strategies against frequency-based attacks in SSL.
- Score: 0.0
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: Self Supervised Learning (SSL) has emerged as a powerful paradigm for tackling data landscapes in the absence of human supervision. The ability to learn meaningful tasks without labeled data makes SSL a popular method for managing large volumes of data when labels are unavailable. However, recent work indicates that SSL is vulnerable to backdoor attacks, wherein models can be controlled, possibly maliciously, to suit an adversary's motives. Li et al. (2022) introduce a novel frequency-based backdoor attack, CTRL, and show that it can be used to efficiently and stealthily gain control over a victim's model trained using SSL. In this work, we devise two defense strategies against frequency-based attacks in SSL: one applicable before model training and a second applied during model inference. Our first contribution uses the invariance property of the downstream task to defend against backdoor attacks in a generalizable fashion; we observe the attack success rate (ASR) to drop by over 60% across experiments. Our inference-time defense relies on the evasiveness of the attack and uses the luminance channel to defend against it. Using object classification as the downstream task for SSL, we demonstrate successful defense strategies that do not require re-training of the model. Code is available at https://github.com/Aryan-Satpathy/Backdoor.
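The inference-time defense described in the abstract, as an added illustration that is not the authors' code (their implementation is in the linked repository): a CTRL-style frequency trigger is simulated by adding a constant to one 2-D DCT coefficient of the U and V (chrominance) channels of a 32x32 RGB image, the energy at that coefficient is measured, and the image is reduced to its Y (luminance) channel before it would be handed to the model. The block size, the coefficient position `(15, 15)`, the trigger magnitude and the sample image are assumptions chosen for illustration, not CTRL's published parameters or a dataset image.

```python
"""Luminance-only inference as a filter for chrominance frequency triggers.

Added example (not the paper's code). The trigger is a simplified stand-in:
a constant added to one DCT coefficient of the U and V channels. BLOCK, COEF
and MAGNITUDE are assumptions for illustration.
"""
import numpy as np

BLOCK = 32            # assumption: one 32x32 block, i.e. a CIFAR-sized input
COEF = (15, 15)       # assumption: DCT coefficient carrying the trigger
MAGNITUDE = 1.0       # assumption: additive trigger strength in DCT space


def rgb_to_yuv(img):
    """BT.601-style split of an HxWx3 float image in [0,1] into Y, U, V."""
    r, g, b = img[..., 0], img[..., 1], img[..., 2]
    y = 0.299 * r + 0.587 * g + 0.114 * b
    u = 0.492 * (b - y)
    v = 0.877 * (r - y)
    return y, u, v


def yuv_to_rgb(y, u, v):
    """Exact inverse of rgb_to_yuv, so edits to U and V never leak into Y."""
    b = y + u / 0.492
    r = y + v / 0.877
    g = (y - 0.299 * r - 0.114 * b) / 0.587
    return np.stack([r, g, b], axis=-1)


def dct_matrix(n):
    """Orthonormal DCT-II basis, so dct2 and idct2 are exact inverses."""
    k = np.arange(n)[:, None]
    i = np.arange(n)[None, :]
    d = np.cos(np.pi * (2 * i + 1) * k / (2 * n)) * np.sqrt(2.0 / n)
    d[0, :] = np.sqrt(1.0 / n)
    return d


def dct2(block, d):
    return d @ block @ d.T


def idct2(coefs, d):
    return d.T @ coefs @ d


def plant_chroma_trigger(img, coef=COEF, magnitude=MAGNITUDE):
    """Simulated frequency trigger: bump one DCT coefficient of U and V, leave Y alone."""
    y, u, v = rgb_to_yuv(img)
    d = dct_matrix(img.shape[0])
    out = []
    for ch in (u, v):
        c = dct2(ch, d)
        c[coef] += magnitude
        out.append(idct2(c, d))
    return np.clip(yuv_to_rgb(y, out[0], out[1]), 0.0, 1.0)


def chroma_trigger_energy(img, coef=COEF):
    """How much of the trigger coefficient is present in the chrominance channels."""
    _, u, v = rgb_to_yuv(img)
    d = dct_matrix(img.shape[0])
    return abs(dct2(u, d)[coef]) + abs(dct2(v, d)[coef])


def luminance_only(img):
    """Inference-time filter: keep Y and replicate it so an RGB model still accepts it."""
    y, _, _ = rgb_to_yuv(img)
    return np.repeat(y[..., None], 3, axis=-1)


def make_sample_image(size=BLOCK):
    """Constructed input: a smooth gray ramp with a faint colour cast (not a dataset image)."""
    yy, xx = np.mgrid[0:size, 0:size] / (size - 1)
    base = 0.35 + 0.3 * (0.5 * xx + 0.5 * yy)
    return np.stack([base + 0.03 * xx, base, base + 0.03 * yy], axis=-1)


def run_demo():
    """Trigger energy before and after the luminance filter, plus what the filter costs."""
    clean = make_sample_image()
    poisoned = plant_chroma_trigger(clean)
    return {
        "clean_energy": float(chroma_trigger_energy(clean)),
        "poisoned_energy": float(chroma_trigger_energy(poisoned)),
        "defended_energy": float(chroma_trigger_energy(luminance_only(poisoned))),
        "luma_drift": float(np.abs(luminance_only(poisoned) - luminance_only(clean)).max()),
        "max_pixel_change": float(np.abs(poisoned - clean).max()),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name:>17}: {value:.6f}")
```

The poisoned image differs from the clean one by at most about 0.13 per channel, yet carries the full trigger energy in U and V; its Y channel is unchanged, and after `luminance_only` the trigger coefficient is gone. This is the sense in which the defense relies on the attack's evasiveness: a trigger written into Y as well would survive the filter, but it would no longer be hidden in the chrominance channels. The block shows only the effect on the trigger; the clean-accuracy cost of feeding luminance-only inputs to a model pretrained on RGB is what the paper's experiments measure.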
Related papers
- Invisible Backdoor Attack against Self-supervised Learning [31.813240503037132]
Self-supervised learning (SSL) models are vulnerable to backdoor attacks.
This paper proposes an imperceptible and effective backdoor attack against self-supervised models.
arXiv Detail & Related papers (2024-05-23T15:08:31Z)
- Does Few-shot Learning Suffer from Backdoor Attacks? [63.9864247424967]
We show that few-shot learning can still be vulnerable to backdoor attacks.
Our method demonstrates a high Attack Success Rate (ASR) in FSL tasks with different few-shot learning paradigms.
This study reveals that few-shot learning still suffers from backdoor attacks, and its security should be given attention.
arXiv Detail & Related papers (2023-12-31T06:43:36Z)
- Erasing Self-Supervised Learning Backdoor by Cluster Activation Masking [65.44477004525231]
Researchers have recently found that Self-Supervised Learning (SSL) is vulnerable to backdoor attacks.
In this paper, we propose to erase the SSL backdoor by cluster activation masking and propose a novel PoisonCAM method.
Our method achieves 96% accuracy for backdoor trigger detection compared to 3% of the state-of-the-art method on poisoned ImageNet-100.
arXiv Detail & Related papers (2023-12-13T08:01:15Z)
- ASSET: Robust Backdoor Data Detection Across a Multiplicity of Deep Learning Paradigms [39.753721029332326]
Backdoor data detection is traditionally studied in an end-to-end supervised learning (SL) setting.
Recent years have seen the proliferating adoption of self-supervised learning (SSL) and transfer learning (TL) due to their lesser need for labeled data.
We show that the performance of most existing detection methods varies significantly across different attacks and poison ratios, and all fail on the state-of-the-art clean-label attack.
arXiv Detail & Related papers (2023-02-22T14:43:33Z)
- An Embarrassingly Simple Backdoor Attack on Self-supervised Learning [52.28670953101126]
Self-supervised learning (SSL) is capable of learning high-quality representations of complex data without relying on labels.
We study the inherent vulnerability of SSL to backdoor attacks.
arXiv Detail & Related papers (2022-10-13T20:39:21Z)
- Semi-Leak: Membership Inference Attacks Against Semi-supervised Learning [42.089020844936805]
Semi-supervised learning (SSL) leverages both labeled and unlabeled data to train machine learning (ML) models.
We propose the first data augmentation-based membership inference attacks against ML models trained by SSL.
Our evaluation shows that the proposed attack can consistently outperform existing membership inference attacks.
arXiv Detail & Related papers (2022-07-25T21:17:24Z)
- On Higher Adversarial Susceptibility of Contrastive Self-Supervised Learning [104.00264962878956]
Contrastive self-supervised learning (CSL) has managed to match or surpass the performance of supervised learning in image and video classification.
It is still largely unknown if the nature of the representation induced by the two learning paradigms is similar.
We identify the uniform distribution of data representation over a unit hypersphere in the CSL representation space as the key contributor to this phenomenon.
We devise strategies that are simple, yet effective in improving model robustness with CSL training.
arXiv Detail & Related papers (2022-07-22T03:49:50Z)
- DATA: Domain-Aware and Task-Aware Pre-training [94.62676913928831]
We present DATA, a simple yet effective NAS approach specialized for self-supervised learning (SSL).
Our method achieves promising results across a wide range of computation costs on downstream tasks, including image classification, object detection and semantic segmentation.
arXiv Detail & Related papers (2022-03-17T02:38:49Z)
- Don't fear the unlabelled: safe deep semi-supervised learning via simple debiasing [12.569695703536615]
Semi-supervised learning (SSL) provides an effective means of leveraging unlabelled data to improve a model's performance.
Most methods present the common drawback of being unsafe.
This bias makes these techniques untrustworthy without a proper validation set.
arXiv Detail & Related papers (2022-03-14T21:42:21Z)
- Interventional Few-Shot Learning [88.31112565383457]
We propose a novel Few-Shot Learning paradigm: Interventional Few-Shot Learning.
Code is released at https://github.com/yue-zhongqi/ifsl.
arXiv Detail & Related papers (2020-09-28T01:16:54Z)
This list is automatically generated from the titles and abstracts of the papers on this site.