Related papers: Using Interleaved Ensemble Unlearning to Keep Backdoors at Bay for Finetuning Vision Transformers

Using Interleaved Ensemble Unlearning to Keep Backdoors at Bay for Finetuning Vision Transformers

URL: http://arxiv.org/abs/2410.01128v1
Date: Tue, 1 Oct 2024 23:33:59 GMT
Title: Using Interleaved Ensemble Unlearning to Keep Backdoors at Bay for Finetuning Vision Transformers
Authors: Zeyu Michael Li,
Abstract summary: Vision Transformers (ViTs) have become popular in computer vision tasks. Backdoor attacks, which trigger undesirable behaviours in models during inference, threaten ViTs' performance. We present Interleaved Ensemble Unlearning (IEU), a method for finetuning clean ViTs on backdoored datasets.
Score: 0.0
License: http://creativecommons.org/licenses/by/4.0/
Abstract: Vision Transformers (ViTs) have become popular in computer vision tasks. Backdoor attacks, which trigger undesirable behaviours in models during inference, threaten ViTs' performance, particularly in security-sensitive tasks. Although backdoor defences have been developed for Convolutional Neural Networks (CNNs), they are less effective for ViTs, and defences tailored to ViTs are scarce. To address this, we present Interleaved Ensemble Unlearning (IEU), a method for finetuning clean ViTs on backdoored datasets. In stage 1, a shallow ViT is finetuned to have high confidence on backdoored data and low confidence on clean data. In stage 2, the shallow ViT acts as a ``gate'' to block potentially poisoned data from the defended ViT. This data is added to an unlearn set and asynchronously unlearned via gradient ascent. We demonstrate IEU's effectiveness on three datasets against 11 state-of-the-art backdoor attacks and show its versatility by applying it to different model architectures.

Related papers

Backdoor Attack Against Vision Transformers via Attention Gradient-Based Image Erosion [4.036142985883415]
Vision Transformers (ViTs) have outperformed traditional Convolutional Neural Networks (CNN) across various computer vision tasks. ViTs are vulnerable to backdoor attacks, where an adversary embeds a backdoor into the victim model. We propose an Attention Gradient-based Erosion Backdoor (AGEB) targeted at ViTs.
arXiv Detail & Related papers (2024-10-30T04:06:12Z)
TrojViT: Trojan Insertion in Vision Transformers [16.86004410531673]
Vision Transformers (ViTs) have demonstrated the state-of-the-art performance in various vision-related tasks. In this paper, we propose a stealth and practical ViT-specific backdoor attack $TrojViT$. We show that TrojViT can classify $99.64%$ of test images to a target class by flipping $345$ bits on a ViT for ImageNet.
arXiv Detail & Related papers (2022-08-27T16:19:26Z)
Defending Backdoor Attacks on Vision Transformer via Patch Processing [18.50522247164383]
Vision Transformers (ViTs) have a radically different architecture with significantly less inductive bias than Convolutional Neural Networks. This paper investigates a representative causative attack, i.e., backdoor attacks. We propose an effective method for ViTs to defend both patch-based and blending-based trigger backdoor attacks via patch processing.
arXiv Detail & Related papers (2022-06-24T17:29:47Z)
Backdoor Attacks on Vision Transformers [20.561738561479203]
We show that Vision Transformers (ViTs) are vulnerable to backdoor attacks. We propose a test-time image blocking defense for ViTs which reduces the attack success rate by a large margin.
arXiv Detail & Related papers (2022-06-16T22:55:32Z)
Auto-scaling Vision Transformers without Training [84.34662535276898]
We propose As-ViT, an auto-scaling framework for Vision Transformers (ViTs) without training. As-ViT automatically discovers and scales up ViTs in an efficient and principled manner. As a unified framework, As-ViT achieves strong performance on classification and detection.
arXiv Detail & Related papers (2022-02-24T06:30:55Z)
Few-Shot Backdoor Attacks on Visual Object Tracking [80.13936562708426]
Visual object tracking (VOT) has been widely adopted in mission-critical applications, such as autonomous driving and intelligent surveillance systems. We show that an adversary can easily implant hidden backdoors into VOT models by tempering with the training process. We show that our attack is resistant to potential defenses, highlighting the vulnerability of VOT models to potential backdoor attacks.
arXiv Detail & Related papers (2022-01-31T12:38:58Z)
Self-slimmed Vision Transformer [52.67243496139175]
Vision transformers (ViTs) have become the popular structures and outperformed convolutional neural networks (CNNs) on various vision tasks. We propose a generic self-slimmed learning approach for vanilla ViTs, namely SiT. Specifically, we first design a novel Token Slimming Module (TSM), which can boost the inference efficiency of ViTs.
arXiv Detail & Related papers (2021-11-24T16:48:57Z)
On Improving Adversarial Transferability of Vision Transformers [97.17154635766578]
Vision transformers (ViTs) process input images as sequences of patches via self-attention. We study the adversarial feature space of ViT models and their transferability. We introduce two novel strategies specific to the architecture of ViT models.
arXiv Detail & Related papers (2021-06-08T08:20:38Z)
Reveal of Vision Transformers Robustness against Adversarial Attacks [13.985121520800215]
This work studies the robustness of ViT variants against different $L_p$-based adversarial attacks in comparison with CNNs. We provide an analysis that reveals that vanilla ViT or hybrid-ViT are more robust than CNNs.
arXiv Detail & Related papers (2021-06-07T15:59:49Z)
On the Adversarial Robustness of Visual Transformers [129.29523847765952]
This work provides the first and comprehensive study on the robustness of vision transformers (ViTs) against adversarial perturbations. Tested on various white-box and transfer attack settings, we find that ViTs possess better adversarial robustness when compared with convolutional neural networks (CNNs)
arXiv Detail & Related papers (2021-03-29T14:48:24Z)
DeepViT: Towards Deeper Vision Transformer [92.04063170357426]
Vision transformers (ViTs) have been successfully applied in image classification tasks recently. We show that, unlike convolution neural networks (CNNs)that can be improved by stacking more convolutional layers, the performance of ViTs saturate fast when scaled to be deeper. We propose a simple yet effective method, named Re-attention, to re-generate the attention maps to increase their diversity.
arXiv Detail & Related papers (2021-03-22T14:32:07Z)

This list is automatically generated from the titles and abstracts of the papers in this site.