Unlearning Backdoor Attacks through Gradient-Based Model Pruning

TL;DR

This paper introduces a gradient-based model pruning method to unlearn backdoor attacks in neural networks, especially effective with limited data, by removing malicious model components through targeted unlearning loss gradients.

Contribution

It presents a novel unlearning-based approach using model pruning and unlearning loss gradients to mitigate backdoor attacks, with theoretical backing and practical effectiveness.

Findings

Effective backdoor mitigation with limited data

Outperforms state-of-the-art methods in realistic scenarios

Simple and theoretically grounded approach

Abstract

In the era of increasing concerns over cybersecurity threats, defending against backdoor attacks is paramount in ensuring the integrity and reliability of machine learning models. However, many existing approaches require substantial amounts of data for effective mitigation, posing significant challenges in practical deployment. To address this, we propose a novel approach to counter backdoor attacks by treating their mitigation as an unlearning task. We tackle this challenge through a targeted model pruning strategy, leveraging unlearning loss gradients to identify and eliminate backdoor elements within the model. Built on solid theoretical insights, our approach offers simplicity and effectiveness, rendering it well-suited for scenarios with limited data availability. Our methodology includes formulating a suitable unlearning loss and devising a model-pruning technique tailored for convolutional neural networks. Comprehensive evaluations demonstrate the efficacy of our proposed approach compared to state-of-the-art approaches, particularly in realistic data settings.