Guarding the Gate: ConceptGuard Battles Concept-Level Backdoors in Concept Bottleneck Models

TL;DR

This paper introduces ConceptGuard, a novel defense framework that enhances the security of Concept Bottleneck Models against concept-level backdoor attacks, ensuring robustness without sacrificing interpretability.

Contribution

We propose ConceptGuard, the first tailored defense for concept-level backdoors in CBMs, with theoretical guarantees and maintained model performance.

Findings

ConceptGuard effectively detects and mitigates concept-level backdoors.

The framework provides theoretical robustness guarantees.

Experimental results show improved security without loss of interpretability.

Abstract

The increasing complexity of AI models, especially in deep learning, has raised concerns about transparency and accountability, particularly in high-stakes applications like medical diagnostics, where opaque models can undermine trust. Explainable Artificial Intelligence (XAI) aims to address these issues by providing clear, interpretable models. Among XAI techniques, Concept Bottleneck Models (CBMs) enhance transparency by using high-level semantic concepts. However, CBMs are vulnerable to concept-level backdoor attacks, which inject hidden triggers into these concepts, leading to undetectable anomalous behavior. To address this critical security gap, we introduce ConceptGuard, a novel defense framework specifically designed to protect CBMs from concept-level backdoor attacks. ConceptGuard employs a multi-stage approach, including concept clustering based on text distance measurements and a voting mechanism among classifiers trained on different concept subgroups, to isolate and mitigate potential triggers. Our contributions are threefold: (i) we present ConceptGuard as the first defense mechanism tailored for concept-level backdoor attacks in CBMs; (ii) we provide theoretical guarantees that ConceptGuard can effectively defend against such attacks within a certain trigger size threshold, ensuring robustness; and (iii) we demonstrate that ConceptGuard maintains the high performance and interpretability of CBMs, crucial for trustworthiness. Through comprehensive experiments and theoretical proofs, we show that ConceptGuard significantly enhances the security and trustworthiness of CBMs, paving the way for their secure deployment in critical applications.