End-to-End Anti-Backdoor Learning on Images and Time Series
This addresses a security concern for safety-critical applications by providing a defense against backdoor attacks, but it is incremental as it builds upon prior Anti-Backdoor Learning methods.
The paper tackled the problem of defending deep learning models against backdoor attacks by introducing End-to-End Anti-Backdoor Learning (E2ABL), which enables robust training on poisoned data for both image and time series domains, showing significant improvements over existing defenses.
Backdoor attacks present a substantial security concern for deep learning models, especially those utilized in applications critical to safety and security. These attacks manipulate model behavior by embedding a hidden trigger during the training phase, allowing unauthorized control over the model's output during inference time. Although numerous defenses exist for image classification models, there is a conspicuous absence of defenses tailored for time series data, as well as an end-to-end solution capable of training clean models on poisoned data. To address this gap, this paper builds upon Anti-Backdoor Learning (ABL) and introduces an innovative method, End-to-End Anti-Backdoor Learning (E2ABL), for robust training against backdoor attacks. Unlike the original ABL, which employs a two-stage training procedure, E2ABL accomplishes end-to-end training through an additional classification head linked to the shallow layers of a Deep Neural Network (DNN). This secondary head actively identifies potential backdoor triggers, allowing the model to dynamically cleanse these samples and their corresponding labels during training. Our experiments reveal that E2ABL significantly improves on existing defenses and is effective against a broad range of backdoor attacks in both image and time series domains.