Defending Against Backdoor Attacks by Quarantine Training

Chengxu Yu; Yulai Zhang

doi:10.1109/ACCESS.2024.3354385

IEEE Access (Jan 2024)

Defending Against Backdoor Attacks by Quarantine Training

Chengxu Yu,
Yulai Zhang

Affiliations

Chengxu Yu: ORCiD; School of Information and Electronic Engineering, Zhejiang University of Science and Technology, Hangzhou, China
Yulai Zhang: ORCiD; School of Information and Electronic Engineering, Zhejiang University of Science and Technology, Hangzhou, China

DOI: https://doi.org/10.1109/ACCESS.2024.3354385
Journal volume & issue: Vol. 12
pp. 10681 – 10689

Abstract

Read online

Deep neural networks (DNNs) are powerful yet vulnerable to backdoor attacks simply by adding backdoor samples to the training set without controlling the training process. To filter out the backdoor samples in the training set, this paper proposes a novel and effective backdoor defense method called Quarantine Training (QT). Specifically, QT creates a quarantine class for each class in the training set and relabels all sample labels to associate with their corresponding quarantine classes during training. In this process, the backdoor samples are gradually categorized into the quarantine classes, thus effectively filtering out the backdoor samples. Experiments on multiple benchmark datasets with a variety of backdoor attacks demonstrate that QT has state-of-the-art backdoor defense performance without reducing the prediction accuracy of benign samples - and even improving it. Our codes are available at https://github.com/Chengx-Yu/Quarantine-Training.

Published in IEEE Access

ISSN: 2169-3536 (Online)
Publisher: IEEE
Country of publisher: United States
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering
Website: https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6287639

About the journal

Abstract

Keywords