Don't FREAK Out: A Frequency-Inspired Approach to Detecting Backdoor Poisoned Samples in DNNs
Hasan Abed Al Kader Hammoud, Adel Bibi, Philip H.S. Torr, Bernard, Ghanem
TL;DR
This paper introduces FREAK, a frequency-based detection method for identifying poisoned samples in DNNs, leveraging differences in frequency sensitivity between clean and malicious data.
Contribution
The paper presents a novel frequency analysis approach and a simple yet effective detection algorithm for backdoor poisoned samples in neural networks.
Findings
FREAK effectively detects frequency backdoor attacks.
FREAK also detects some spatial attack poisoned samples.
Significant frequency sensitivity disparities exist between clean and poisoned samples.
Abstract
In this paper we investigate the frequency sensitivity of Deep Neural Networks (DNNs) when presented with clean samples versus poisoned samples. Our analysis shows significant disparities in frequency sensitivity between these two types of samples. Building on these findings, we propose FREAK, a frequency-based poisoned sample detection algorithm that is simple yet effective. Our experimental results demonstrate the efficacy of FREAK not only against frequency backdoor attacks but also against some spatial attacks. Our work is just the first step in leveraging these insights. We believe that our analysis and proposed defense mechanism will provide a foundation for future research and development of backdoor defenses.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdversarial Robustness in Machine Learning · Digital Media Forensic Detection · Anomaly Detection Techniques and Applications