Evolutionary Trigger Detection and Lightweight Model Repair Based Backdoor Defense

TL;DR

This paper introduces an efficient backdoor defense for deep neural networks using evolutionary trigger detection and lightweight model repair, effectively identifying and mitigating backdoors even with limited resources.

Contribution

It proposes CETF, an evolutionary algorithm-based trigger detection method, and combines it with lightweight unlearning techniques for effective backdoor mitigation.

Findings

CETF accurately detects triggers in various attack scenarios.

The combined approach effectively repairs backdoored models.

The method is practical and stable across different conditions.

Abstract

Deep Neural Networks (DNNs) have been widely used in many areas such as autonomous driving and face recognition. However, DNN model is fragile to backdoor attack. A backdoor in the DNN model can be activated by a poisoned input with trigger and leads to wrong prediction, which causes serious security issues in applications. It is challenging for current defenses to eliminate the backdoor effectively with limited computing resources, especially when the sizes and numbers of the triggers are variable as in the physical world. We propose an efficient backdoor defense based on evolutionary trigger detection and lightweight model repair. In the first phase of our method, CAM-focus Evolutionary Trigger Filter (CETF) is proposed for trigger detection. CETF is an effective sample-preprocessing based method with the evolutionary algorithm, and our experimental results show that CETF not only distinguishes the images with triggers accurately from the clean images, but also can be widely used in practice for its simplicity and stability in different backdoor attack situations. In the second phase of our method, we leverage several lightweight unlearning methods with the trigger detected by CETF for model repair, which also constructively demonstrate the underlying correlation of the backdoor with Batch Normalization layers. Source code will be published after accepted.