Towards Adversarial Robustness And Backdoor Mitigation in SSL
- URL: http://arxiv.org/abs/2403.15918v3
- Date: Mon, 16 Sep 2024 05:49:02 GMT
- Title: Towards Adversarial Robustness And Backdoor Mitigation in SSL
- Authors: Aryan Satpathy, Nilaksh Singh, Dhruva Rajwade, Somesh Kumar
- Abstract summary: Self-Supervised Learning (SSL) has shown great promise in learning representations from unlabeled data.
SSL methods have recently been shown to be vulnerable to backdoor attacks.
This work aims to address defending against backdoor attacks in SSL.
- Score: 0.562479170374811
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: Self-Supervised Learning (SSL) has shown great promise in learning representations from unlabeled data. The power of learning representations without the need for human annotations has made SSL a widely used technique in real-world problems. However, SSL methods have recently been shown to be vulnerable to backdoor attacks, where the learned model can be exploited by adversaries to manipulate the learned representations, either by tampering with the training data distribution or by modifying the model itself. This work aims to address defending against backdoor attacks in SSL, where the adversary has access to a realistic fraction of the SSL training data and no access to the model. We use novel methods that are computationally efficient as well as generalizable across different problem settings. We also investigate the adversarial robustness of SSL models when trained with our method, and show insights into increased robustness in SSL via frequency domain augmentations. We demonstrate the effectiveness of our method on a variety of SSL benchmarks, and show that our method is able to mitigate backdoor attacks while maintaining high performance on downstream tasks. Code for our work is available at github.com/Aryan-Satpathy/Backdoor
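As an added illustration (not code from the paper or its repository), the following pure-Python sketch shows why a frequency-domain augmentation interacts with a patch-style backdoor trigger under the threat model the abstract states: an adversary who can taint only a fraction of the unlabeled training set and never touches the model. A small checkerboard patch carries almost all of its energy at high spatial frequencies, so a low-pass filter applied as an augmentation removes nearly all of it while leaving a smooth clean image untouched. The toy image, the trigger, the cutoff radius and the `poison_fraction` helper are all constructed assumptions; the paper's actual augmentation and trigger are not described on this page.

```python
"""Low-pass frequency-domain augmentation versus a high-frequency patch trigger.

Added illustration, not the paper's code. Everything below (image size,
trigger shape, cutoff) is a constructed assumption for the demonstration.
"""
import cmath
import math
import random

N = 16  # constructed toy image size: N x N, single channel, values in [0, 1]


def dft2(img):
    """Separable 2D DFT: F[v][u] = sum_y sum_x img[y][x] * e^{-2*pi*i*(u*x + v*y)/N}."""
    n = len(img)
    rows = [[sum(img[y][x] * cmath.exp(-2j * math.pi * u * x / n) for x in range(n))
             for u in range(n)] for y in range(n)]
    return [[sum(rows[y][u] * cmath.exp(-2j * math.pi * v * y / n) for y in range(n))
             for u in range(n)] for v in range(n)]


def idft2(spec):
    """Inverse 2D DFT via the conjugation identity x = conj(DFT(conj(X))) / N^2."""
    n = len(spec)
    conj = [[z.conjugate() for z in row] for row in spec]
    back = dft2(conj)
    return [[(back[y][x].conjugate() / (n * n)).real for x in range(n)] for y in range(n)]


def lowpass_augment(img, cutoff):
    """Zero every coefficient whose wrapped index distance from DC exceeds `cutoff`."""
    n = len(img)
    spec = dft2(img)
    for v in range(n):
        dv = min(v, n - v)          # wrap-around so negative frequencies are measured correctly
        for u in range(n):
            du = min(u, n - u)
            if math.hypot(du, dv) > cutoff:
                spec[v][u] = 0j
    return idft2(spec)


def clean_image(n=N):
    """Constructed smooth image: DC level plus one cosine cycle along each axis."""
    return [[0.5 + 0.25 * math.cos(2 * math.pi * x / n) + 0.25 * math.cos(2 * math.pi * y / n)
             for x in range(n)] for y in range(n)]


def add_trigger(img, size=4):
    """Stamp a +/-0.5 checkerboard patch into the top-left corner (constructed trigger)."""
    out = [row[:] for row in img]
    for y in range(size):
        for x in range(size):
            out[y][x] += 0.5 if (x + y) % 2 == 0 else -0.5
    return out


def poison_fraction(images, fraction, seed=0):
    """Model an adversary who may taint only `fraction` of the training set.

    Returns the (partly) poisoned list and the set of poisoned indices.
    """
    rng = random.Random(seed)
    count = int(round(fraction * len(images)))
    idx = set(rng.sample(range(len(images)), count))
    return [add_trigger(img) if i in idx else img for i, img in enumerate(images)], idx


def energy(a, b):
    """Squared L2 distance between two equally sized images."""
    n = len(a)
    return sum((a[y][x] - b[y][x]) ** 2 for y in range(n) for x in range(n))


def surviving_trigger_fraction(cutoff=2):
    """Share of the trigger's energy that is still present after the augmentation."""
    clean = clean_image()
    poisoned = add_trigger(clean)
    trigger_energy = energy(poisoned, clean)
    residual = energy(lowpass_augment(poisoned, cutoff), lowpass_augment(clean, cutoff))
    return residual / trigger_energy


def clean_distortion(cutoff=2):
    """Relative change the augmentation inflicts on the smooth clean image."""
    clean = clean_image()
    zero = [[0.0] * N for _ in range(N)]
    return energy(lowpass_augment(clean, cutoff), clean) / energy(clean, zero)


if __name__ == "__main__":
    print("trigger energy surviving low-pass:", surviving_trigger_fraction())
    print("clean-image distortion:", clean_distortion())
    batch, tainted = poison_fraction([clean_image() for _ in range(20)], 0.1)
    print("poisoned indices in a 20-image batch at 10%:", sorted(tainted))
```

The checkerboard has a zero DC component and its spectrum peaks at the Nyquist bin, so with a cutoff radius of 2 on a 16x16 grid only the four (±1, ±1) bins survive, well under one percent of the trigger's energy, whereas the clean image's three frequency components all sit inside the cutoff and pass through unchanged. A real defence would tune the cutoff (or use a softer filter) against the downstream task, since an aggressive low-pass also discards legitimate fine detail.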
Related papers
- Does Few-shot Learning Suffer from Backdoor Attacks? [63.9864247424967]
We show that few-shot learning can still be vulnerable to backdoor attacks.
Our method demonstrates a high Attack Success Rate (ASR) in FSL tasks with different few-shot learning paradigms.
This study reveals that few-shot learning still suffers from backdoor attacks, and its security should be given attention.
arXiv Detail & Related papers (2023-12-31T06:43:36Z) - Erasing Self-Supervised Learning Backdoor by Cluster Activation Masking [65.44477004525231]
Researchers have recently found that Self-Supervised Learning (SSL) is vulnerable to backdoor attacks.
In this paper, we propose to erase the SSL backdoor by cluster activation masking and propose a novel PoisonCAM method.
Our method achieves 96% accuracy for backdoor trigger detection compared to 3% of the state-of-the-art method on poisoned ImageNet-100.
arXiv Detail & Related papers (2023-12-13T08:01:15Z) - ASSET: Robust Backdoor Data Detection Across a Multiplicity of Deep Learning Paradigms [39.753721029332326]
Backdoor data detection is traditionally studied in an end-to-end supervised learning (SL) setting.
Recent years have seen the proliferating adoption of self-supervised learning (SSL) and transfer learning (TL) due to their lesser need for labeled data.
We show that the performance of most existing detection methods varies significantly across different attacks and poison ratios, and all fail on the state-of-the-art clean-label attack.
arXiv Detail & Related papers (2023-02-22T14:43:33Z) - An Embarrassingly Simple Backdoor Attack on Self-supervised Learning [52.28670953101126]
Self-supervised learning (SSL) is capable of learning high-quality representations of complex data without relying on labels.
We study the inherent vulnerability of SSL to backdoor attacks.
arXiv Detail & Related papers (2022-10-13T20:39:21Z) - Semi-Leak: Membership Inference Attacks Against Semi-supervised Learning [42.089020844936805]
Semi-supervised learning (SSL) leverages both labeled and unlabeled data to train machine learning (ML) models.
We propose the first data augmentation-based membership inference attacks against ML models trained by SSL.
Our evaluation shows that the proposed attack can consistently outperform existing membership inference attacks.
arXiv Detail & Related papers (2022-07-25T21:17:24Z) - On Higher Adversarial Susceptibility of Contrastive Self-Supervised Learning [104.00264962878956]
Contrastive self-supervised learning (CSL) has managed to match or surpass the performance of supervised learning in image and video classification.
It is still largely unknown if the nature of the representation induced by the two learning paradigms is similar.
We identify the uniform distribution of data representation over a unit hypersphere in the CSL representation space as the key contributor to this phenomenon.
We devise strategies that are simple, yet effective in improving model robustness with CSL training.
arXiv Detail & Related papers (2022-07-22T03:49:50Z) - DATA: Domain-Aware and Task-Aware Pre-training [94.62676913928831]
We present DATA, a simple yet effective NAS approach specialized for self-supervised learning (SSL)
Our method achieves promising results across a wide range of computation costs on downstream tasks, including image classification, object detection and semantic segmentation.
arXiv Detail & Related papers (2022-03-17T02:38:49Z) - Don't fear the unlabelled: safe deep semi-supervised learning via simple debiasing [12.569695703536615]
Semi supervised learning (SSL) provides an effective means of leveraging unlabelled data to improve a model's performance.
Most methods present the common drawback of being unsafe.
This bias makes these techniques untrustable without a proper validation set.
arXiv Detail & Related papers (2022-03-14T21:42:21Z) - Interventional Few-Shot Learning [88.31112565383457]
We propose a novel Few-Shot Learning paradigm: Interventional Few-Shot Learning.
Code is released at https://github.com/yue-zhongqi/ifsl.
arXiv Detail & Related papers (2020-09-28T01:16:54Z)
This list is automatically generated from the titles and abstracts of the papers in this site.