Defending Against Patch-based Backdoor Attacks on Self-Supervised Learning

dc.contributor.author: Tejankar, Ajinkya
dc.contributor.author: Sanjabi, Maziar
dc.contributor.author: Wang, Qifan
dc.contributor.author: Wang, Sinong
dc.contributor.author: Firooz, Hamed
dc.contributor.author: Pirsiavash, Hamed
dc.contributor.author: Tan, Liang
dc.date.accessioned: 2023-11-09T19:40:25Z
dc.date.available: 2023-11-09T19:40:25Z
dc.date.issued: 2023
dc.description: 2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR); Vancouver, BC, Canada; June 17, 2023 to June 24, 2023 [en_US]
dc.description.abstract: Recently, self-supervised learning (SSL) was shown to be vulnerable to patch-based data poisoning backdoor attacks. It was shown that an adversary can poison a small part of the unlabeled data so that when a victim trains an SSL model on it, the final model will have a backdoor that the adversary can exploit. This work aims to defend self-supervised learning against such attacks. We use a three-step defense pipeline, where we first train a model on the poisoned data. In the second step, our proposed defense algorithm (PatchSearch) uses the trained model to search the training data for poisoned samples and removes them from the training set. In the third step, a final model is trained on the cleaned-up training set. Our results show that PatchSearch is an effective defense. As an example, it improves a model's accuracy on images containing the trigger from 38.2% to 63.7% which is very close to the clean model's accuracy, 64.6%. Moreover, we show that PatchSearch outperforms baselines and state-of-the-art defense approaches including those using additional clean, trusted data. Our code is available at https://github.com/UCDvision/PatchSearch [en_US]
dc.description.sponsorship: This work is partially supported by DARPA Contract No. HR00112190135, HR00112290115, and FA8750-19-C-0098, NSF grants 1845216 and 1920079, NIST award 60NANB18D279, and also funding from Shell Inc., and Oracle Corp. We would also like to thank K L Navaneet and Aniruddha Saha for many helpful discussions. [en_US]
dc.description.uri: https://www.computer.org/csdl/proceedings-article/cvpr/2023/012900m2239/1POSjWy5RzW [en_US]
dc.format.extent: 11 pages [en_US]
dc.genre: conference papers and proceedings [en_US]
dc.genre: postprints [en_US]
dc.identifier: doi:10.13016/m2tgnq-iway
dc.identifier.citation: Tejankar, Ajinkya, Maziar Sanjabi, Qifan Wang, Sinong Wang, Hamed Firooz, Hamed Pirsiavash, and Liang Tan. “Defending Against Patch-Based Backdoor Attacks on Self-Supervised Learning,” 12239–49. IEEE Computer Society, 2023. https://doi.org/10.1109/CVPR52729.2023.01178. [en_US]
dc.identifier.uri: https://doi.ieeecomputersociety.org/10.1109/CVPR52729.2023.01178
dc.identifier.uri: http://hdl.handle.net/11603/30641
dc.language.iso: en_US [en_US]
dc.publisher: IEEE [en_US]
dc.relation.isAvailableAt: The University of Maryland, Baltimore County (UMBC)
dc.relation.ispartof: UMBC Computer Science and Electrical Engineering Department Collection
dc.relation.ispartof: UMBC Faculty Collection
dc.rights: © 2023 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. [en_US]
dc.title: Defending Against Patch-based Backdoor Attacks on Self-Supervised Learning [en_US]
dc.type: Text [en_US]

Files

Original bundle

Name: Tejankar_Defending_Against_Patch-Based_Backdoor_Attacks_on_Self-Supervised_Learning_CVPR_2023_paper.pdf
Size: 2.04 MB
Format: Adobe Portable Document Format

Name: Tejankar_Defending_Against_Patch-Based_CVPR_2023_supplemental.pdf
Size: 344.93 KB
Format: Adobe Portable Document Format
Description: Supplement

License bundle

Name: license.txt
Size: 2.56 KB
Format: Item-specific license agreed upon to submission