Don't FREAK Out: A Frequency-Inspired Approach to Detecting Backdoor Poisoned Samples in DNNs
This work addresses backdoor defense in DNNs, offering a novel detection method that could be foundational for future research, though it appears incremental as an initial step.
The paper tackled the problem of detecting backdoor poisoned samples in deep neural networks by analyzing frequency sensitivity disparities, proposing the FREAK algorithm which proved effective against frequency and some spatial attacks.
In this paper we investigate the frequency sensitivity of Deep Neural Networks (DNNs) when presented with clean samples versus poisoned samples. Our analysis shows significant disparities in frequency sensitivity between these two types of samples. Building on these findings, we propose FREAK, a frequency-based poisoned sample detection algorithm that is simple yet effective. Our experimental results demonstrate the efficacy of FREAK not only against frequency backdoor attacks but also against some spatial attacks. Our work is just the first step in leveraging these insights. We believe that our analysis and proposed defense mechanism will provide a foundation for future research and development of backdoor defenses.