Detecting and Corrupting Convolution-based Unlearnable Examples

TL;DR

This paper introduces a novel detection method (EPD) and a defense scheme (COIN) against convolution-based unlearnable examples that severely impair model training, demonstrating superior performance over existing defenses on CIFAR and ImageNet.

Contribution

The paper presents the first detection and defense strategies specifically targeting convolution-based unlearnable examples, expanding the scope with new UEs and outperforming state-of-the-art defenses.

Findings

EPD effectively detects convolution-based UEs.

COIN significantly improves model robustness against these UEs.

Defense outperforms 11 existing methods on benchmark datasets.

Abstract

Convolution-based unlearnable examples (UEs) employ class-wise multiplicative convolutional noise to training samples, severely compromising model performance. This fire-new type of UEs have successfully countered all defense mechanisms against UEs. The failure of such defenses can be attributed to the absence of norm constraints on convolutional noise, leading to severe blurring of image features. To address this, we first design an Edge Pixel-based Detector (EPD) to identify convolution-based UEs. Upon detection of them, we propose the first defense scheme against convolution-based UEs, COrrupting these samples via random matrix multiplication by employing bilinear INterpolation (COIN) such that disrupting the distribution of class-wise multiplicative noise. To evaluate the generalization of our proposed COIN, we newly design two convolution-based UEs called VUDA and HUDA to expand the scope of convolution-based UEs. Extensive experiments demonstrate the effectiveness of detection scheme EPD and that our defense COIN outperforms 11 state-of-the-art (SOTA) defenses, achieving a significant improvement on the CIFAR and ImageNet datasets.